NEW QUESTION 1 
- (Topic 1) 
The Terminal Access Controller Access Control System (TACACS) employs which of the following? 


A. a user ID and static password for network access 

B. a user ID and dynamic password for network access 

C. a user ID and symmetric password for network access 
D. a user ID and asymmetric password for network access 


Answer: A 


Explanation: 
For networked applications, the Terminal Access Controller Access Control System (TACACS) employs a user ID and a static password for network access. 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 44. 


NEW QUESTION 2 
- (Topic 1) 
Which of the following pairings uses technology to enforce access control policies? 


A. Preventive/Administrative 
B. Preventive/Technical 

C. Preventive/Physical 

D. Detective/Administrative 


Answer: B 


Explanation: 

The preventive/technical pairing uses technology to enforce access control policies. 

TECHNICAL CONTROLS 

Technical security involves the use of safeguards incorporated in computer hardware, operations or applications software, communications hardware and 
software, and related devices. Technical controls are sometimes referred to as logical controls. 

Preventive Technical Controls 

Preventive technical controls are used to prevent unauthorized personnel or programs from gaining remote access to computing resources. Examples of these 
controls include: 

Access control software. 
Antivirus software. 
Library control systems. 
Passwords. 
Smart cards. 
Encryption. 
Dial-up access control and callback systems. 

Preventive Physical Controls 

Preventive physical controls are employed to prevent unauthorized personnel from entering computing facilities (i.e., locations housing computing resources, 
supporting utilities, computer hard copy, and input data media) and to help protect against natural disasters. Examples of these controls include: 

Backup files and documentation. 
Fences. 
Security guards. 
Badge systems. 
Double door systems. 
Locks and keys. 
Backup power. 
Biometric access controls. 
Site selection. 
Fire extinguishers. 

Preventive Administrative Controls 

Preventive administrative controls are personnel-oriented techniques for controlling people’s behavior to ensure the confidentiality, integrity, and availability of 
computing data and programs. Examples of preventive administrative controls include: 

Security awareness and technical training. 
Separation of duties. 
Procedures for recruiting and terminating employees. 
Security policies and procedures. 
Supervision. 
Disaster recovery, contingency, and emergency plans. 
User registration for computer access. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34. 


NEW QUESTION 3 
- (Topic 1) 
The type of discretionary access control (DAC) that is based on an individual's identity is also called: 


A. Identity-based Access control 

B. Rule-based Access control 

C. Non-Discretionary Access Control 
D. Lattice-based Access control 


Answer: A 


Explanation: 

An identity-based access control is a type of Discretionary Access Control (DAC) that is based on an individual's identity. 

DAC is good for a low-level security environment. The owner of the file decides who has access to the file. 

If a user creates a file, he is the owner of that file. An identifier for this user is placed in the file header and/or in an access control matrix within the operating 
system. 

Ownership might also be granted to a specific individual. For example, a manager for a certain department might be made the owner of the files and resources 
within her department. A system that uses discretionary access control (DAC) enables the owner of the resource to specify which subjects can access specific 
resources. 

This model is called discretionary because the control of access is based on the discretion of the owner. Many times department managers, or business unit managers, are the owners of the data within their specific department. Being the owner, they can specify who should have access and who should not. 
Reference(s) used for this question: 

Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 220). McGraw-Hill. Kindle Edition. 
NEW QUESTION 4 
- (Topic 1) 
Detective/Technical measures: 


A. include intrusion detection systems and automatically-generated violation reports from audit trail information. 

B. do not include intrusion detection systems and automatically-generated violation reports from audit trail information. 

C. include intrusion detection systems but do not include automatically-generated violation reports from audit trail information. 
D. include intrusion detection systems and customised-generated violation reports from audit trail information. 


Answer: A 


Explanation: 

Detective/Technical measures include intrusion detection systems and automatically-generated violation reports from audit trail information. These reports can indicate variations from "normal" operation or detect known signatures of unauthorized access episodes. In order to limit the amount of audit information flagged and reported by automated violation analysis and reporting mechanisms, clipping levels can be set. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 35. 
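The clipping-level idea in the explanation above, as an added Python example (it is not code from the cited source or from any product): a handful of constructed audit-trail lines are run through a small violation-analysis routine that only reports a user once failed logins inside a sliding time window reach the clipping level, so a single mistyped password is not flagged but a burst is. The line format, user names, addresses, window length and clipping level are all invented for the example.

```python
from datetime import datetime, timedelta

# Constructed sample audit-trail lines (invented for this example; the
# "<ISO timestamp> <user> <event> <source address>" format is an assumption).
SAMPLE_AUDIT_TRAIL = """\
2024-03-01T09:00:01 alice LOGIN_FAIL 10.0.0.5
2024-03-01T09:00:07 alice LOGIN_FAIL 10.0.0.5
2024-03-01T09:00:15 alice LOGIN_OK 10.0.0.5
2024-03-01T09:01:00 bob LOGIN_FAIL 10.0.0.9
2024-03-01T09:01:03 bob LOGIN_FAIL 10.0.0.9
2024-03-01T09:01:05 bob LOGIN_FAIL 10.0.0.9
2024-03-01T09:01:08 bob LOGIN_FAIL 10.0.0.9
2024-03-01T09:01:11 bob LOGIN_FAIL 10.0.0.9
2024-03-01T09:09:59 carol LOGIN_FAIL 10.0.0.7
2024-03-01T09:30:00 carol LOGIN_FAIL 10.0.0.7
"""

# Clipping level: how many failures per user inside the window are tolerated
# before the analysis mechanism reports a violation. Both values are chosen
# for the example, not taken from any standard.
CLIPPING_LEVEL = 3
WINDOW = timedelta(minutes=10)


def parse_audit_line(line):
    """Split one audit line into (timestamp, user, event, source)."""
    ts, user, event, src = line.split()
    return datetime.fromisoformat(ts), user, event, src


def violation_report(audit_text, clipping_level=CLIPPING_LEVEL, window=WINDOW):
    """Return {user: peak_failures_in_window} for users whose failed logins
    within any sliding window of `window` length reached the clipping level.
    Users below the level never appear, which is what keeps the report short."""
    recent = {}   # user -> timestamps of failures still inside the window
    flagged = {}
    for line in audit_text.splitlines():
        ts, user, event, _src = parse_audit_line(line)
        if event != "LOGIN_FAIL":
            continue
        # Keep only this user's failures that fall inside the window ending now.
        hits = [t for t in recent.get(user, []) if ts - t <= window]
        hits.append(ts)
        recent[user] = hits
        if len(hits) >= clipping_level:
            flagged[user] = max(flagged.get(user, 0), len(hits))
    return flagged


if __name__ == "__main__":
    for user, count in violation_report(SAMPLE_AUDIT_TRAIL).items():
        print(f"VIOLATION: {user} had {count} failed logins within {WINDOW}")
```

With the sample data only bob is reported; alice's two failures and carol's two failures twenty minutes apart stay under the clipping level. Lowering the level to 1 turns the routine into a raw dump of every failure, which is exactly the volume the clipping level exists to avoid.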


NEW QUESTION 5 
- (Topic 1) 
A potential problem related to the physical installation of the Iris Scanner with regard to the usage of the iris pattern within a biometric system is: 


A. concern that the laser beam may cause eye damage 

B. the iris pattern changes as a person grows older. 

C. there is a relatively high rate of false accepts. 

D. the optical unit must be positioned so that the sun does not shine into the aperture. 


Answer: D 


Explanation: 

Because the optical unit utilizes a camera and infrared light to create the images, sunlight can impact the aperture, so it must not be positioned in direct light of any type. Because the subject does not need to have direct contact with the optical reader, direct light can impact the reader. 

Iris recognition is a form of biometrics that is based on the uniqueness of a subject's iris. A camera-like device records the patterns of the iris, creating what is known as Iriscode. 

It is the unique patterns of the iris that allow it to be one of the most accurate forms of biometric identification of an individual. Unlike other types of biometrics, the iris rarely changes over time. Fingerprints can change over time due to scarring and manual labor, voice patterns can change due to a variety of causes, and hand geometry can also change. But barring surgery or an accident it is not usual for an iris to change. The subject has a high-resolution image taken of their iris and this is then converted to Iriscode. The current standard for the Iriscode was developed by John Daugman. When the subject attempts to be authenticated, an infrared light is used to capture the iris image and this image is then compared to the Iriscode. If there is a match the subject's identity is confirmed. The subject does not need to have direct contact with the optical reader, so it is a less invasive means of authentication than retinal scanning would be. 

Reference(s) used for this question: AIO, 3rd edition, Access Control, p 134. AIO, 4th edition, Access Control, p 182. 

Wikipedia - http://en.wikipedia.org/wiki/Iris_recognition 

The following answers are incorrect: 

concern that the laser beam may cause eye damage. The optical readers do not use lasers, so concern that the laser beam may cause eye damage is not an issue. 

the iris pattern changes as a person grows older. The question asked about the physical installation of the scanner, so this was not the best answer. If the question had been about long term problems then it could have been the best choice. Recent research has shown that irises actually do change over time: 
http://www.nature.com/news/ageing-eyes-hinder-biometric-scans-1.10722 

there is a relatively high rate of false accepts. Since the advent of the Iriscode there is a very low rate of false accepts, in fact the algorithm used has never had a 
false match. This all depends on the quality of the equipment used but because of the uniqueness of the iris even when comparing identical twins, iris patterns are 
unique. 


NEW QUESTION 6 
- (Topic 1) 
Which of the following is not a service provided by AAA servers (Radius, TACACS and DIAMETER)? 


A. Authentication 
B. Administration 
C. Accounting 

D. Authorization 


Answer: B 


Explanation: 

Radius, TACACS and DIAMETER are classified as authentication, authorization, and accounting (AAA) servers. 

Source: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 2, 2001, CRC Press, NY, Page 33. 

also see: 

The term "AAA" is often used, describing cornerstone concepts [of the AIC triad] Authentication, Authorization, and Accountability. Left out of the AAA acronym is 
Identification which is required before the three "A's" can follow. Identity is a claim, Authentication proves an identity, Authorization describes the action you can 
perform on a system once you have been identified and authenticated, and accountability holds users accountable for their actions. 

Reference: CISSP Study Guide, Conrad Misenar, Feldman p. 10-11, (c) 2010 Elsevier. 


NEW QUESTION 7 

- (Topic 1) 

What is the main concern with single sign-on? 

A. Maximum unauthorized access would be possible if a password is disclosed. 
B. The security administrator's workload would increase. 

C. The users’ password would be too hard to remember. 

D. User access rights would be increased. 


Answer: A 
Explanation: 

A major concern with Single Sign-On (SSO) is that if a user's ID and password are compromised, the intruder would have access to all the systems that the user 
was authorized for. 

The following answers are incorrect: 

The security administrator's workload would increase. This is incorrect because the security administrator's workload would decrease and not increase. The admin would not be responsible for maintaining multiple user accounts, just the one. 

The users’ password would be too hard to remember. This is incorrect because the users would have fewer passwords to remember. 

User access rights would be increased. This is incorrect because the user access rights would not be any different than if they had to log into systems manually. 


NEW QUESTION 8 

- (Topic 1) 

Which of the following is implemented through scripts or smart agents that replay the user's multiple log-ins against authentication servers to verify a user's identity and permit access to system services? 


A. Single Sign-On 
B. Dynamic Sign-On 
C. Smart cards 

D. Kerberos 


Answer: A 


Explanation: 

SSO can be implemented by using scripts that replay the user's multiple log-ins against authentication servers to verify a user's identity and to permit access to system services. 

Single Sign-On was the best answer in this case because it would include Kerberos. When you have two good answers within the four choices presented you must select the BEST one. The high-level choice is always the best. When one choice would include the other one, that would be the best as well. 

Reference(s) used for this question: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 40. 


NEW QUESTION 9 
- (Topic 1) 
Crime Prevention Through Environmental Design (CPTED) is a discipline that: 


A. Outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior. 

B. Outlines how the proper design of the logical environment can reduce crime by directly affecting human behavior. 

C. Outlines how the proper design of the detective control environment can reduce crime by directly affecting human behavior. 

D. Outlines how the proper design of the administrative control environment can reduce crime by directly affecting human behavior. 


Answer: A 


Explanation: 

Crime Prevention Through Environmental Design (CPTED) is a discipline that outlines how the proper design of a physical environment can reduce crime by 
directly affecting human behavior. It provides guidance about loss and crime prevention through proper facility construction and environmental components and procedures. 

CPTED concepts were developed in the 1960s. They have been expanded upon and have matured as our environments and crime types have evolved. CPTED 
has been used not just to develop corporate physical security programs, but also for large-scale activities such as development of neighborhoods, towns, and 
cities. It addresses landscaping, entrances, facility and neighborhood layouts, lighting, road placement, and traffic circulation patterns. It looks at 
microenvironments, such as offices and rest-rooms, and macroenvironments, like campuses and cities. 

Reference(s) used for this question: 

Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 435). McGraw-Hill. Kindle Edition. 

and 

CPTED Guide Book 


NEW QUESTION 10 
- (Topic 1) 
What refers to legitimate users accessing networked services that would normally be restricted to them? 


A. Spoofing 

B. Piggybacking 
C. Eavesdropping 
D. Logon abuse 


Answer: D 


Explanation: 

Unauthorized access of restricted network services by the circumvention of security access controls is known as logon abuse. This type of abuse refers to users who may be internal to the network but access resources they would not normally be allowed. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 74). 


NEW QUESTION 10 
- (Topic 1) 
Which of the following biometric characteristics cannot be used to uniquely authenticate an individual's identity? 


A. Retina scans 


B. Iris scans 
C. Palm scans 
D. Skin scans 


Answer: D 


Explanation: 

The following are typical biometric characteristics that are used to uniquely authenticate an individual's identity: 

Fingerprints, retina scans, iris scans, facial scans, palm scans, hand geometry, voice, and handwritten signature dynamics. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 39. 
And: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (pages 127-131). 


NEW QUESTION 13 

- (Topic 1) 

Which of the following offers advantages such as the ability to use stronger passwords, easier password administration, one set of credentials, and faster resource access? 


A. Smart cards 

B. Single Sign-On (SSO) 

C. Symmetric Ciphers 

D. Public Key Infrastructure (PKI) 


Answer: B 


Explanation: 

The advantages of SSO include the ability to use stronger passwords, easier administration as far as changing or deleting the passwords, minimized risk of orphan accounts, and less time required to access resources. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 39. 


NEW QUESTION 16 

- (Topic 1) 

Which of the following access control techniques best gives the security officers the ability to specify and enforce enterprise-specific security policies in a way that 
maps naturally to an organization's structure? 


A. Access control lists 

B. Discretionary access control 
C. Role-based access control 

D. Non-mandatory access control 


Answer: C 


Explanation: 

Role-based access control (RBAC) gives the security officers the ability to specify and enforce enterprise-specific security policies in a way that maps naturally to 
an organization's structure. Each user is assigned one or more roles, and each role is assigned one or more privileges that are given to users in that role. An 
access control list (ACL) is a table that tells a system which access rights each user has to a particular system object. With discretionary access control, 
administration is decentralized and owners of resources control other users' access. Non-mandatory access control is not a defined access control technique. 
Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 2: Access Control Systems and Methodology (page 9). 
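The role-to-privilege and user-to-role mapping described in the explanation above, as an added Python example that is not from the cited source: roles carry privileges, users carry roles, and an access check asks whether any of the user's roles grants the requested privilege. A small ACL lookup is included for contrast with the per-object table the explanation mentions. Role names, user names and privileges are invented for the example.

```python
class RbacPolicy:
    """Minimal role-based access control: users are assigned roles, roles are
    granted privileges, and a check passes when any of the user's roles holds
    the privilege. All names used with it are invented for this example."""

    def __init__(self):
        self.role_privileges = {}   # role -> set of privileges
        self.user_roles = {}        # user -> set of roles

    def grant(self, role, *privileges):
        """Attach privileges to a role (creating the role if needed)."""
        self.role_privileges.setdefault(role, set()).update(privileges)

    def assign(self, user, role):
        """Put a user into a role; unknown roles are rejected rather than silently created."""
        if role not in self.role_privileges:
            raise KeyError(f"unknown role {role!r}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke(self, user, role):
        """Remove a user from a role; every privilege that came only from that role goes with it."""
        self.user_roles.get(user, set()).discard(role)

    def privileges_of(self, user):
        """Union of the privileges of all roles the user holds (empty for unknown users)."""
        return set().union(*(self.role_privileges[r] for r in self.user_roles.get(user, ())))

    def allows(self, user, privilege):
        return privilege in self.privileges_of(user)


def acl_allows(acl, obj, user, right):
    """Contrast: an ACL is a per-object table mapping each user to its rights.
    `acl` is {object: {user: set_of_rights}}; maintaining it means editing
    every object's entry when a person changes job."""
    return right in acl.get(obj, {}).get(user, set())


def build_example_policy():
    """Constructed organisation: auditors read logs, payroll clerks maintain
    payroll, helpdesk staff reset passwords."""
    policy = RbacPolicy()
    policy.grant("auditor", "read:audit_log")
    policy.grant("payroll_clerk", "read:payroll", "write:payroll")
    policy.grant("helpdesk", "reset:password")
    policy.assign("jane", "auditor")
    policy.assign("raj", "payroll_clerk")
    policy.assign("raj", "helpdesk")
    return policy


if __name__ == "__main__":
    policy = build_example_policy()
    for user, privilege in [("jane", "read:audit_log"), ("jane", "write:payroll"), ("raj", "write:payroll")]:
        print(user, privilege, "ALLOW" if policy.allows(user, privilege) else "DENY")
```

The point of the structure is visible in `revoke`: when raj moves out of payroll, one role change removes his payroll access on every object at once, whereas the ACL form would need each payroll object's entry edited individually.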


NEW QUESTION 21 
- (Topic 1) 
What does the (star) property mean in the Bell-LaPadula model? 


A. No write up 
B. No read up 
C. No write down 
D. No read down 


Answer: C 


Explanation: 

The (star) property of the Bell-LaPadula access control model states that writing of information by a subject at a higher level of sensitivity to an object at a lower 
level of sensitivity is not permitted (no write down). 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: 
Security Architectures and Models (page 202). 

Also check out: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 5: Security Models and Architecture (pages 242, 243). 


NEW QUESTION 26 
- (Topic 1) 
In biometrics, the "one-to-one" search used to verify a claim to an identity made by a person is considered: 


A. Authentication 
B. Identification 
C. Auditing 

D. Authorization 
Answer: A 


Explanation: 
Biometric devices can be used for either IDENTIFICATION or AUTHENTICATION 

ONE TO ONE is for AUTHENTICATION 

This means that you as a user would provide some biometric credential such as your fingerprint. Then they will compare the template that you have provided with the one stored in the database. If the two are exactly the same, that proves that you are who you claim to be. 

ONE TO MANY is for IDENTIFICATION 

A good example of this would be at an airport. Many airports today have facial recognition cameras; as you walk through the airport, the system takes a picture of your face and then compares the template (your face) with a database full of templates to see if there is a match between your template and the ones stored in the database. This is for IDENTIFICATION of a person. 

Some additional clarification or comments that might be helpful are: Biometrics establish authentication using specific information and comparing results to 
expected data. It does not perform well for identification purposes such as scanning for a person's face in a moving crowd for example. 

Identification methods could include: username, user ID, account number, PIN, certificate, token, smart card, biometric device or badge. 

Auditing is a process of logging or tracking what was done after the identity and authentication process is completed. 

Authorization is the rights the subject is given and is performed after the identity is established. 

Reference OIG (2007) p148, 167 

Authentication in biometrics is a "one-to-one" search to verify a claim to an identity made by a person. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 38. 
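The one-to-one versus one-to-many distinction above, as an added Python example that is not from the cited sources: `verify` compares a captured template only against the claimed identity's enrolled template (authentication), while `identify` searches the whole database (identification). The templates are constructed 32-bit strings standing in for a real Iriscode-style bit pattern, the comparison is a normalised Hamming distance, and the match threshold is chosen for the example; the threshold is also where the false-accept/false-reject trade-off lives.

```python
# Constructed 32-bit biometric templates (invented; real templates are far longer).
ENROLLED_TEMPLATES = {
    "alice": "1100" * 8,
    "bob":   "1010" * 8,
}

# Match threshold on normalised Hamming distance (fraction of differing bits).
# Lower is stricter: fewer false accepts, more false rejects. Chosen for the example.
MATCH_THRESHOLD = 0.2


def hamming_distance(a, b):
    """Fraction of bit positions in which two equal-length templates differ."""
    if len(a) != len(b):
        raise ValueError("templates must have equal length")
    return sum(x != y for x, y in zip(a, b)) / len(a)


def verify(claimed_id, probe, db=ENROLLED_TEMPLATES, threshold=MATCH_THRESHOLD):
    """One-to-one (authentication): compare the probe only against the
    template enrolled for the claimed identity. An unknown claim fails."""
    stored = db.get(claimed_id)
    if stored is None:
        return False
    return hamming_distance(probe, stored) <= threshold


def identify(probe, db=ENROLLED_TEMPLATES, threshold=MATCH_THRESHOLD):
    """One-to-many (identification): search every enrolled template and return
    the closest identity within the threshold, or None if nobody matches."""
    best_id, best_dist = None, None
    for user_id, stored in db.items():
        d = hamming_distance(probe, stored)
        if d <= threshold and (best_dist is None or d < best_dist):
            best_id, best_dist = user_id, d
    return best_id


def flip_bits(template, positions):
    """Constructed 'noisy capture': flip the bits at the given positions so the
    probe is close to, but not identical with, the enrolled template."""
    bits = list(template)
    for p in positions:
        bits[p] = "0" if bits[p] == "1" else "1"
    return "".join(bits)


if __name__ == "__main__":
    probe = flip_bits(ENROLLED_TEMPLATES["alice"], [0, 1])
    print("verify as alice:", verify("alice", probe))   # one-to-one
    print("identify:", identify(probe))                 # one-to-many
```

Because `identify` must compare against every template, a false match only has to beat the threshold for one of many enrolled users, which is why identification in a crowd is the harder problem the explanation alludes to; `verify` only ever answers a single comparison.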


NEW QUESTION 28 
- (Topic 1) 
Controls to keep password sniffing attacks from compromising computer systems include which of the following? 


A. static and recurring passwords. 
B. encryption and recurring passwords. 
C. one-time passwords and encryption. 
D. static and one-time passwords. 


Answer: C 


Explanation: 

To minimize the chance of passwords being captured one-time passwords would prevent a password sniffing attack because once used it is no longer valid. 
Encryption will also minimize these types of attacks. 

The following answers are incorrect: 

static and recurring passwords. This is incorrect because if there is no encryption then someone password sniffing would be able to capture the password much 
easier if it never changed. 

encryption and recurring passwords. This is incorrect because while encryption helps, recurring passwords do nothing to minimize the risk of passwords being 
captured. 

static and one-time passwords. This is incorrect because while one-time passwords will prevent these types of attacks, static passwords do nothing to minimize the 
risk of passwords being captured. 
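The claim that a one-time password is useless once used, as an added Python example that is not from the page or any product: `hotp` implements the HMAC-based one-time password of RFC 4226 (HMAC-SHA-1 with dynamic truncation), an `OtpServer` accepts each code once and advances its counter, and a `StaticPasswordServer` is shown for contrast. `replay_accepted` models the risk from the defender's side: a legitimate login followed by the same credential presented a second time. The shared secret is the RFC 4226 test-vector secret; the look-ahead window and class names are choices made for the example.

```python
import hashlib
import hmac


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password per RFC 4226: HMAC-SHA-1 over the 8-byte
    big-endian counter, dynamic truncation, then reduce to `digits` decimal digits."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = ((mac[offset] & 0x7F) << 24
              | mac[offset + 1] << 16
              | mac[offset + 2] << 8
              | mac[offset + 3])
    return str(binary % 10 ** digits).zfill(digits)


class OtpServer:
    """Server side of a counter-based OTP scheme. Each code is accepted once:
    the counter moves past any code that was used, so a code captured off the
    wire is worthless afterwards, even though it was transmitted in the clear."""

    def __init__(self, secret: bytes, look_ahead: int = 5):
        self.secret = secret
        self.next_counter = 0
        self.look_ahead = look_ahead   # tolerate a few codes generated but never sent

    def verify(self, code: str) -> bool:
        for c in range(self.next_counter, self.next_counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.next_counter = c + 1   # never accept this or any older counter again
                return True
        return False


class StaticPasswordServer:
    """Contrast: a static, recurring password is valid every time it is presented."""

    def __init__(self, password: str):
        self.password = password

    def verify(self, password: str) -> bool:
        return hmac.compare_digest(password, self.password)


def replay_accepted(server, captured):
    """Return (first_attempt_ok, replay_ok) for a credential used once
    legitimately and then presented again unchanged."""
    first = server.verify(captured)
    second = server.verify(captured)
    return first, second


# Secret from the RFC 4226 test vectors; a real deployment uses a random per-token secret.
DEMO_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    print("OTP   :", replay_accepted(OtpServer(DEMO_SECRET), hotp(DEMO_SECRET, 0)))
    print("static:", replay_accepted(StaticPasswordServer("hunter2"), "hunter2"))
```

The OTP server reports `(True, False)` and the static-password server `(True, True)`, which is the whole argument of the answer: the one-time password removes the value of a captured credential, while encryption of the session is what keeps it from being captured in the first place.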


NEW QUESTION 33 
- (Topic 1) 
Which of the following is NOT a system-sensing wireless proximity card? 


A. magnetically striped card 
B. passive device 

C. field-powered device 

D. transponder 


Answer: A 


Explanation: 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 342. 


NEW QUESTION 34 
- (Topic 1) 
A network-based vulnerability assessment is a type of test also referred to as: 


A. An active vulnerability assessment. 

B. A routing vulnerability assessment. 

C. A host-based vulnerability assessment. 
D. A passive vulnerability assessment. 


Answer: A 


Explanation: 

A network-based vulnerability assessment tool/system either re-enacts system attacks, noting and recording responses to the attacks, or probes different targets 
to infer weaknesses from their responses. 

Since the assessment is actively attacking or scanning targeted systems, network-based vulnerability assessment systems are also called active vulnerability 
systems. 

There are two main types of test: 

PASSIVE: You don't send any packets or interact with the remote target. You make use of public databases and other techniques to gather information about your target. 

ACTIVE: You do send packets to your target; you attempt to stimulate responses which will help you in gathering information about hosts that are alive, services running, port state, and more. 

See examples below of both types of attacks: 

Eavesdropping and sniffing data as it passes over a network are considered passive attacks because the attacker is not affecting the protocol, algorithm, key, 
message, or any parts of the encryption system. Passive attacks are hard to detect, so in most cases methods are put in place to try to prevent them rather than to 
detect and stop them. 

Altering messages, modifying system files, and masquerading as another individual are acts that are considered active attacks because the attacker is actually doing something instead of sitting back and gathering data. Passive attacks are usually used to gain information prior to carrying out an active attack. 
IMPORTANT NOTE: 

Commercial vendors will sometimes use different names for different types of scans. However, the exam is product agnostic. They do not use vendor terms but general terms. Experience could trick you into selecting the wrong choice sometimes. See feedback from Jason below: 

"I am a system security analyst. It is my daily duty to perform system vulnerability analysis. We use Nessus and Retina (among other tools) to perform our network 
based vulnerability scanning. Both commercially available tools refer to a network based vulnerability scan as a "credentialed" scan. Without credentials, the scan 
tool cannot login to the system being scanned, and as such will only receive a port scan to see what ports are open and exploitable" 

Reference(s) used for this question: 

Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 865). McGraw-Hill. Kindle Edition. 

and 

DUPUIS, Clement, Access Control Systems and Methodology CISSP Open Study Guide, version 1.0, March 2002 (page 97). 


NEW QUESTION 37 
- (Topic 1) 
Which of the following access control models is based on sensitivity labels? 


A. Discretionary access control 
B. Mandatory access control 
C. Rule-based access control 
D. Role-based access control 


Answer: B 


Explanation: 

Access decisions are made based on the clearance of the subject and the sensitivity label of the object. 

Example: Eve has a "Secret" security clearance and is able to access the "Mugwump Missile Design Profile" because its sensitivity label is "Secret." She is denied 
access to the "Presidential Toilet Tissue Formula" because its sensitivity label is "Top Secret." 

The other answers are not correct because: 

Discretionary Access Control is incorrect because in DAC access to data is determined by the data owner. For example, Joe owns the "Secret Chili Recipe" and 
grants read access to Charles. 

Role Based Access Control is incorrect because in RBAC access decisions are made based on the role held by the user. For example, Jane has the role "Auditor" and that role includes read permission on the "System Audit Log." 

Rule Based Access Control is incorrect because it is a form of MAC. A good example would be a Firewall where rules are defined and apply to anyone connecting 
through the firewall. 

References: 

All-in-One third edition, page 164. Official ISC2 Guide page 187. 
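The two mandatory-access-control rules this section relies on, the *-property of the Bell-LaPadula model ("no write down", NEW QUESTION 21) and access decided by subject clearance against object sensitivity label (NEW QUESTION 37), as one added Python example that is not from the cited sources. The reference-monitor style check below uses the Eve / "Secret" / "Top Secret" example from the explanation above; the level ordering, the extra "Cafeteria Menu" object and the function names are assumptions made for the example. Note that the *-property forbids writing to a lower label but does allow writing to an equal or higher one.

```python
# Total ordering of sensitivity levels (assumed for the example).
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}

# Constructed subjects and objects; the two document names come from the
# explanation above, the third object is invented for the example.
OBJECT_LABELS = {
    "Mugwump Missile Design Profile": "Secret",
    "Presidential Toilet Tissue Formula": "Top Secret",
    "Cafeteria Menu": "Unclassified",
}
SUBJECT_CLEARANCES = {"Eve": "Secret"}


def dominates(a, b):
    """True when level `a` is at least as high as level `b`."""
    return LEVELS[a] >= LEVELS[b]


def can_read(clearance, label):
    """Simple security property: no read up. The subject's clearance must
    dominate the object's label."""
    return dominates(clearance, label)


def can_write(clearance, label):
    """*-property: no write down. The object's label must dominate the
    subject's clearance, so writing to an equal or higher label is permitted."""
    return dominates(label, clearance)


def mac_decision(subject, obj, op):
    """Reference-monitor style decision made purely from labels; neither the
    subject nor the object owner can override it, which is what makes it MAC."""
    clearance = SUBJECT_CLEARANCES[subject]
    label = OBJECT_LABELS[obj]
    if op == "read":
        return can_read(clearance, label)
    if op == "write":
        return can_write(clearance, label)
    raise ValueError(f"unknown operation {op!r}")


if __name__ == "__main__":
    for obj in OBJECT_LABELS:
        for op in ("read", "write"):
            verdict = "ALLOW" if mac_decision("Eve", obj, op) else "DENY"
            print(f"Eve {op:5} {obj!r} ({OBJECT_LABELS[obj]}): {verdict}")
```

Run stand-alone, the table shows Eve reading the "Secret" profile but not the "Top Secret" formula (no read up), and writing to the "Top Secret" object but not to the "Unclassified" menu (no write down), which is the combination of answers the two questions expect.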


NEW QUESTION 41 
- (Topic 1) 
Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector? 


A. Using a TACACS+ server. 

B. Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall. 
C. Setting modem ring count to at least 5. 

D. Only attaching modems to non-networked hosts. 


Answer: B 


Explanation: 

Containing the dial-up problem is conceptually easy: by installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the 
firewall, any access to internal resources through the RAS can be filtered as would any other connection coming from the Internet. 

The use of a TACACS+ Server by itself cannot eliminate hacking. 

Setting a modem ring count to 5 may help in defeating war-dialing hackers who look for modems by dialing long series of numbers. 

Attaching modems only to non-networked hosts is not practical and would not prevent these hosts from being hacked. 

Source: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 2: Hackers. 


NEW QUESTION 42 
- (Topic 1) 
Organizations should consider which of the following first before allowing external access to their LANs via the Internet? 


A. plan for implementing workstation locking mechanisms. 

B. plan for protecting the modem pool. 

C. plan for providing the user with his account usage information. 
D. plan for considering proper authentication options. 


Answer: D 


Explanation: 

Before a LAN is connected to the Internet, you need to determine what access control mechanisms are to be used; this would include how you are going to authenticate individuals that may access your network externally through access control. 

The following answers are incorrect: 

plan for implementing workstation locking mechanisms. This is incorrect because locking the workstations has no impact on the LAN or Internet access. 

plan for protecting the modem pool. This is incorrect because protecting the modem pool has no impact on the LAN or Internet access; it just protects the modem. 

plan for providing the user with his account usage information. This is incorrect because the question asks what should be done first. While important, your primary concern should be focused on security. 


NEW QUESTION 43 
- (Topic 1) 
Which of the following security models does NOT concern itself with the flow of data? 


A. The information flow model 
B. The Biba model 

C. The Bell-LaPadula model 
D. The noninterference model 


Answer: D 


Explanation: 

The goal of a noninterference model is to strictly separate differing security levels to assure that higher-level actions do not determine what lower-level users can see. This is in contrast to other security models that control information flows between differing levels of users. By maintaining strict separation of security levels, a noninterference model minimizes leakages that might happen through a covert channel. 

The Bell-LaPadula model is incorrect. The Bell-LaPadula model is concerned with confidentiality and bases access control decisions on the classification of objects and the clearances of subjects. 

The information flow model is incorrect. The information flow models have a similar framework to the Bell-LaPadula model and control how information may flow 
between objects based on security classes. 

The Biba model is incorrect. The Biba model is concerned with integrity and is a complement to the Bell-LaPadula model in that higher levels of integrity are more trusted than lower levels. Access control is based on these integrity levels to assure that read/write operations do not decrease an object's integrity. 

References: 

CBK, pp 325 - 326 

AIO3, pp. 290 - 291 


NEW QUESTION 46 

- (Topic 1) 

Which of the following protocols was used by the INITIAL version of the Terminal Access Controller Access Control System (TACACS) for communication between clients and servers? 


A. TCP 
B. SSL 
C. UDP 
D. SSH 


Answer: C 


Explanation: 

The original TACACS, developed in the early ARPANet days, had very limited functionality and used the UDP transport. In the early 1990s, the protocol was 
extended to include additional functionality and the transport changed to TCP. 

TACACS is defined in RFC 1492, and uses (either TCP or UDP) port 49 by default. TACACS allows a client to accept a username and password and send a query to a TACACS authentication server, sometimes called a TACACS daemon or simply TACACSD. TACACSD uses TCP and usually runs on port 49. It would determine whether to accept or deny the authentication request and send a response back. 

TACACS+ 

TACACS+ and RADIUS have generally replaced TACACS and XTACACS in more recently built or updated networks. TACACS+ is an entirely new protocol and is not compatible with TACACS or XTACACS. TACACS+ uses the Transmission Control Protocol (TCP) and RADIUS uses the User Datagram Protocol (UDP). Since TCP is a connection-oriented protocol, TACACS+ does not have to implement transmission control. RADIUS, however, does have to detect and correct transmission errors like packet loss, timeout etc. since it rides on UDP which is connectionless. 

RADIUS encrypts only the user's password as it travels from the RADIUS client to the RADIUS server. All other information such as the username, authorization, and accounting is transmitted in clear text. Therefore it is vulnerable to different types of attacks. TACACS+ encrypts all the information mentioned above and therefore does not have the vulnerabilities present in the RADIUS protocol. 

RADIUS and TACACS+ are client/server protocols, which means the server portion cannot send unsolicited commands to the client portion. The server portion can only speak when spoken to. Diameter is a peer-based protocol that allows either end to initiate communication. This functionality allows the Diameter server to send a message to the access server to request the user to provide another authentication credential if she is attempting to access a secure resource. 

Reference(s) used for this question: http://en.wikipedia.org/wiki/TACACS 

and 

Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 239). McGraw-Hill. Kindle Edition. 


NEW QUESTION 50 
- (Topic 1) 
Which of the following is most relevant to determining the maximum effective cost of access control? 


A. the value of information that is protected 

B. management's perceptions regarding data importance 

C. budget planning related to base versus incremental spending. 
D. the cost to replace lost data 


Answer: A 


Explanation: 
The cost of access control must be commensurate with the value of the information that is being protected. 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 49. 


NEW QUESTION 55 
- (Topic 1) 
Single Sign-on (SSO) is characterized by which of the following advantages? 


A. Convenience 

B. Convenience and centralized administration 

C. Convenience and centralized data administration 

D. Convenience and centralized network administration 
Answer: B 


Explanation: 

Convenience - Using single sign-on, users have to type their passwords only once, when they first log in, to access all the network resources. Centralized Administration - some single sign-on systems are built around a unified server administration system. This allows a single administrator to add and delete accounts across the entire network from one user interface. 

The following answers are incorrect: 

Convenience - alone this is not the correct answer. 

Centralized Data or Network Administration - these are thrown in to mislead the student. Neither are a benefit to SSO, as these specifically should not be allowed 
with just an SSO. 

References: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 1, page 35. 

TIPTON, Harold F. & HENRY, Kevin, Official (ISC)2 Guide to the CISSP CBK, 2007, page 180. 


NEW QUESTION 59 
- (Topic 1) 
What is the PRIMARY use of a password? 


A. Allow access to files. 

B. Identify the user. 

C. Authenticate the user. 

D. Segregate various user's accesses. 


Answer: C 


Explanation: 
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. 


NEW QUESTION 61 
- (Topic 1) 
The control measures that are intended to reveal the violations of security policy using software and hardware are associated with: 


A. Preventive/physical 

B. Detective/technical 

C. Detective/physical 

D. Detective/administrative 


Answer: B 


Explanation: 

The detective/technical control measures are intended to reveal the violations of security policy using technical means. 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 35. 


NEW QUESTION 63 
- (Topic 1) 
What is called a password that is the same for each log-on session? 


A. "one-time password" 
B. "two-time password" 
C. static password 

D. dynamic password 


Answer: C 


Explanation: 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36. 


NEW QUESTION 65 
- (Topic 1) 
Which security model is based on the military classification of data and people with clearances? 


A. Brewer-Nash model 
B. Clark-Wilson model 
C. Bell-LaPadula model 
D. Biba model 


Answer: C 


Explanation: 

The Bell-LaPadula model is a confidentiality model for information security based on the military classification of data, on people with clearances and data with a 
classification or sensitivity model. The Biba, Clark-Wilson and Brewer-Nash models are concerned with integrity. 

Source: HARE, Chris, Security Architecture and Models, Area 6 CISSP Open Study Guide, January 2002. 


NEW QUESTION 68 
- (Topic 1) 
Which of the following is the most reliable authentication method for remote access? 
A. Variable callback system 

B. Synchronous token 

C. Fixed callback system 

D. Combination of callback and caller ID 


Answer: B 


Explanation: 

A Synchronous token generates a one-time password that is only valid for a short period of time. Once the password is used it is no longer valid, and it expires if 
not entered in the acceptable time frame. 

The following answers are incorrect: 

Variable callback system. Although variable callback systems are more flexible than fixed callback systems, the system assumes the identity of the individual 
unless two-factor authentication is also implemented. By itself, this method might allow an attacker access as a trusted user. 

Fixed callback system. Authentication provides assurance that someone or something is who or what he/it is supposed to be. Callback systems authenticate a 
person, but anyone can pretend to be that person. They are tied to a specific place and phone number, which can be spoofed by implementing call-forwarding. 
Combination of callback and Caller ID. The caller ID and callback functionality provides greater confidence and auditability of the caller's identity. By disconnecting 
and calling back only authorized phone numbers, the system has a greater confidence in the location of the call. However, unless combined with strong 
authentication, any individual at the location could obtain access. 

The following reference(s) were/was used to create this question: 

Shon Harris AIO v3 p. 140, 548 

ISC2 OIG 2007 p. 152-153, 126-127 


NEW QUESTION 70 

- (Topic 1) 

PINs, passwords, passphrases, tokens, smart cards, and biometric devices are all items that can be used for authentication. When one of the items listed above is used in conjunction with a second factor to validate authentication, it provides robust authentication of the individual by practicing which of the following? 


A. Multi-party authentication 
B. Two-factor authentication 
C. Mandatory authentication 
D. Discretionary authentication 


Answer: B 


Explanation: 

Once an identity is established it must be authenticated. There exist numerous technologies and implementations of authentication methods; however, they almost all fall under three major areas. 

There are three fundamental types of authentication: 

Authentication by knowledge - something a person knows 

Authentication by possession - something a person has 

Authentication by characteristic - something a person is 

Logical controls related to these types are called "factors." 

Something you know can be a password or PIN, something you have can be a token fob or smart card, and something you are is usually some form of biometrics. 
Single-factor authentication is the employment of one of these factors, two-factor authentication is using two of the three factors, and three-factor authentication is 
the combination of all three factors. 

The general term for the use of more than one factor during authentication is multifactor authentication or strong authentication. 

Reference(s) used for this question: 

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 2367-2379). Auerbach 
Publications. Kindle Edition. 


NEW QUESTION 72 
- (Topic 1) 
The three classic ways of authenticating yourself to the computer security software are by something you know, by something you have, and by something: 


A. you need. 
B. non-trivial 
C. you are. 

D. you can get. 


Answer: C 


Explanation: 
This is more commonly known as biometrics and is one of the most accurate ways to authenticate an individual. 
The rest of the answers are incorrect because they are not one of the three recognized forms of authentication. 


NEW QUESTION 77 
- (Topic 1) 
Guards are appropriate whenever the function required by the security program involves which of the following? 


A. The use of discriminating judgment 

B. The use of physical force 

C. The operation of access control devices 
D. The need to detect unauthorized access 


Answer: A 


Explanation: 

The answer is the use of discriminating judgment: a guard can make the determinations that hardware or other automated security devices cannot make, due to the guard's ability to adjust to rapidly changing conditions, to learn and alter recognizable patterns, and to respond to various conditions in the environment. Guards are better at making value decisions at times of incidents. They are appropriate whenever immediate, discriminating judgment is required by the security entity. 

The following answers are incorrect: 

The use of physical force. This is not the best answer. A guard provides discriminating judgment, and the ability to discern the need for physical force. 

The operation of access control devices. A guard is often uninvolved in the operations of an automated access control device such as a biometric reader, a smart lock, mantrap, etc. 

The need to detect unauthorized access. The primary function of a guard is not to detect unauthorized access, but to prevent unauthorized physical access attempts; a guard may also deter social engineering attempts. 

The following reference(s) were/was used to create this question: 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 10: 
Physical security (page 339). 

Source: ISC2 Official Guide to the CBK, pages 288-289. 


NEW QUESTION 79 
- (Topic 1) 
Which of the following was developed by the National Computer Security Center (NCSC) for the US Department of Defense ? 


A. TCSEC 
B. ITSEC 

C. DIACAP 
D. NIACAP 


Answer: A 


Explanation: 

The answer is TCSEC. The TCSEC, frequently referred to as the Orange Book, is the centerpiece of the DoD Rainbow Series publications. 

Initially issued by the National Computer Security Center (NCSC), an arm of the National Security Agency, in 1983 and then updated in 1985, TCSEC was replaced with the development of the Common Criteria international standard originally published in 2005. 

References: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, pages 197-199. 

Wikipedia http://en.wikipedia.org/wiki/TCSEC 


NEW QUESTION 83 

- (Topic 1) 

In the context of biometric authentication, what is a quick way to compare the accuracy of devices? In general, the device that has the lowest value would be the most accurate. Which of the following would be used to compare the accuracy of devices? 


A. the CER is used. 
B. the FRR is used 
C. the FAR is used 
D. the FER is used 


Answer: A 


Explanation: 

equal error rate or crossover error rate (EER or CER): the rate at which both accept and reject errors are equal. The value of the EER can be easily obtained from 
the ROC curve. The EER is a quick way to compare the accuracy of devices with different ROC curves. In general, the device with the lowest EER is most 
accurate. 

In the context of Biometric Authentication almost all types of detection permit a system's sensitivity to be increased or decreased during an inspection process. If 
the system's sensitivity is increased, such as in an airport metal detector, the system becomes increasingly selective and has a higher False Reject Rate (FRR). 
Conversely, if the sensitivity is decreased, the False Acceptance Rate (FAR) will increase. Thus, to have a valid measure of the system performance, the 
CrossOver Error Rate (CER) is used. 

The following are used as performance metrics for biometric systems: 

false accept rate or false match rate (FAR or FMR): the probability that the system incorrectly matches the input pattern to a non-matching template in the database. It measures the percent of invalid inputs which are incorrectly accepted. On a similarity scale, if the person is really an impostor but the matching score is higher than the threshold, he is treated as genuine; this increases the FAR, so performance also depends on the selection of the threshold value. 

false reject rate or false non-match rate (FRR or FNMR): the probability that the system fails to detect a match between the input pattern and a matching template 
in the database. It measures the percent of valid inputs which are incorrectly rejected. 

failure to enroll rate (FTE or FER): the rate at which attempts to create a template from an input are unsuccessful. This is most commonly caused by low quality inputs. 

failure to capture rate (FTC): Within automatic systems, the probability that the system fails to detect a biometric input when presented correctly. 

template capacity: the maximum number of sets of data which can be stored in the system. 

Reference(s) used for this question: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37. 

and 

Wikipedia at: https://en.wikipedia.org/wiki/Biometrics 


NEW QUESTION 87 
- (Topic 1) 
Identification and authentication are the keystones of most access control systems. Identification establishes: 


A. User accountability for the actions on the system. 

B. Top management accountability for the actions on the system. 

C. EDP department accountability for the actions of users on the system. 
D. Authentication for actions on the system 


Answer: A 


Explanation: 

Identification and authentication are the keystones of most access control systems. Identification establishes user accountability for the actions on the system. 
The control environment can be established to log activity regarding the identification, authentication, authorization, and use of privileges on a system. This can be 
used to detect the occurrence of errors, the attempts to perform an unauthorized action, or to validate when provided credentials were exercised. The logging 
system as a detective device provides evidence of actions (both successful and unsuccessful) and tasks that were executed by authorized users. 

Once a person has been identified through the user ID or a similar value, she must be authenticated, which means she must prove she is who she says she is. 
Three general factors can be used for authentication: something a person knows, something a person has, and something a person is. They are also commonly 
called authentication by knowledge, authentication by ownership, and authentication by characteristic. 
For a user to be able to access a resource, he first must prove he is who he claims to be, has the necessary credentials, and has been given the necessary rights 
or privileges to perform the actions he is requesting. Once these steps are completed successfully, the user can access and use network resources; however, it is 
necessary to track the user’s activities and enforce accountability for his actions. 

Identification describes a method of ensuring that a subject (user, program, or process) is the entity it claims to be. Identification can be provided with the use of a username or account number. To be properly authenticated, the subject is usually required to provide a second piece to the credential set. This piece could be a password, passphrase, cryptographic key, personal identification number (PIN), anatomical attribute, or token. 

These two credential items are compared to information that has been previously stored for this subject. If these credentials match the stored information, the 
subject is authenticated. But we are not done yet. Once the subject provides its credentials and is properly identified, the system it is trying to access needs to 
determine if this subject has been given the necessary rights and privileges to carry out the requested actions. The system will look at some type of access control 
matrix or compare security labels to verify that this subject may indeed access the requested resource and perform the actions it is attempting. If the system 
determines that the subject may access the resource, it authorizes the subject. 

Although identification, authentication, authorization, and accountability have close and complementary definitions, each has distinct functions that fulfill a specific 
requirement in the process of access control. A user may be properly identified and authenticated to the network, but he may not have the authorization to access 
the files on the file server. On the other hand, a user may be authorized to access the files on the file server, but until she is properly identified and authenticated, 
those resources are out of reach. 

Reference(s) used for this question: 

Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition: Access Control ((ISC)2 Press) (Kindle Locations 889-892). Auerbach 
Publications. Kindle Edition. 

and 

Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (Kindle Locations 3875-3878). McGraw-Hill. Kindle Edition. 

and 

Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (Kindle Locations 3833-3848). McGraw-Hill. Kindle Edition. 

and 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36. 


NEW QUESTION 92 
- (Topic 1) 
Which of the following is not a security goal for remote access? 


A. Reliable authentication of users and systems 

B. Protection of confidential data 

C. Easy to manage access control to systems and network resources 
D. Automated login for remote users 


Answer: D 


Explanation: 

An automated login function for remote users would imply a weak authentication, thus certainly not a security goal. 

Source: TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th edition, volume 2, 2001, CRC Press, Chapter 5: An Introduction 
to Secure Remote Access (page 100). 


NEW QUESTION 97 
- (Topic 1) 
What is called the use of technologies such as fingerprint, retina, and iris scans to authenticate the individuals requesting access to resources? 


A. Micrometrics 

B. Macrometrics 
C. Biometrics 

D. MicroBiometrics 


Answer: C 


Explanation: 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 35. 


NEW QUESTION 99 
- (Topic 1) 
Which of the following forms of authentication would most likely apply a digital signature algorithm to every bit of data that is sent from the claimant to the verifier? 


A. Dynamic authentication 
B. Continuous authentication 
C. Encrypted authentication 
D. Robust authentication 


Answer: B 


Explanation: 

Continuous authentication is a type of authentication that provides protection against impostors who can see, alter, and insert information passed between the claimant and verifier even after the claimant/verifier authentication is complete. These are typically referred to as active attacks, since they assume that the imposter can actively influence the connection between claimant and verifier. One way to provide this form of authentication is to apply a digital signature algorithm to every bit of data that is sent from the claimant to the verifier. There are other combinations of cryptography that can provide this form of authentication, but current strategies rely on applying some type of cryptography to every bit of data sent. Otherwise, any unprotected bit would be suspect. Robust authentication relies on dynamic authentication data that changes with each authenticated session between a claimant and a verifier, but does not provide protection against active attacks. Encrypted authentication is a distracter. 

Source: GUTTMAN, Barbara & BAGWILL, Robert, NIST Special Publication 800-xx, Internet Security Policy: A Technical Guide, Draft Version, May 25, 2000 
(page 34). 


NEW QUESTION 104 
- (Topic 1) 
Which of the following statements pertaining to access control is false? 


A. Users should only access data on a need-to-know basis. 

B. If access is not explicitly denied, it should be implicitly allowed. 

C. Access rights should be granted based on the level of trust a company has on a subject. 
D. Roles can be an efficient way to assign rights to a type of user who performs certain tasks. 


Answer: B 


Explanation: 

Access control mechanisms should default to no access to provide the necessary level of security and ensure that no security holes go unnoticed. If access is not 
explicitly allowed, it should be implicitly denied. 

Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 4: Access Control (page 143). 


NEW QUESTION 106 
- (Topic 1) 
In biometric identification systems, at the beginning, it was soon apparent that truly positive identification could only be based on: 


A. sex of a person 

B. physical attributes of a person 
C. age of a person 

D. voice of a person 


Answer: B 


Explanation: 
Today, implementation of fast, accurate, reliable and user-acceptable biometric identification systems is already under way. 
From: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 1, Page 7. 


NEW QUESTION 110 
- (Topic 1) 
The Orange Book is founded upon which security policy model? 


A. The Biba Model 

B. The Bell LaPadula Model 
C. Clark-Wilson Model 

D. TEMPEST 


Answer: B 


Explanation: 

From the glossary of Computer Security Basics: 

The Bell-LaPadula model is the security policy model on which the Orange Book requirements are based. From the Orange Book definition, "A formal state 
transition model of computer security policy that describes a set of access control rules. In this formal model, the entities in a computer system are divided into 
abstract sets of subjects and objects. The notion of secure state is defined and it is proven that each state transition preserves security by moving from secure 
state to secure state; thus, inductively proving the system is secure. A system state is defined to be 'secure' if the only permitted access modes of subjects to 
objects are in accordance with a specific security policy. In order to determine whether or not a specific access mode is allowed, the clearance of a subject is 
compared to the classification of the object and a determination is made as to whether the subject is authorized for the specific access mode." 

The Biba Model is an integrity model of computer security policy that describes a set of rules. In this model, a subject may not depend on any object or other 
subject that is less trusted than itself. 

The Clark Wilson Model is an integrity model for computer security policy designed for a commercial environment. It addresses such concepts as nondiscretionary 
access control, privilege separation, and least privilege. TEMPEST is a government program that prevents the compromising electrical and electromagnetic signals 
that emanate from computers and related equipment from being intercepted and deciphered. 

Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, 1991. 

Also: U.S. Department of Defense, Trusted Computer System Evaluation Criteria (Orange Book), DOD 5200.28-STD. December 1985 (also available here). 


NEW QUESTION 115 
- (Topic 1) 
In addition to the accuracy of the biometric systems, there are other factors that must also be considered: 


A. These factors include the enrollment time and the throughput rate, but not acceptability. 

B. These factors do not include the enrollment time, the throughput rate, and acceptability. 

C. These factors include the enrollment time, the throughput rate, and acceptability. 

D. These factors include the enrollment time, but not the throughput rate, neither the acceptability. 


Answer: C 


Explanation: 

In addition to the accuracy of the biometric systems, there are other factors that must also be considered. 

These factors include the enrollment time, the throughput rate, and acceptability. Enrollment time is the time it takes to initially "register" with a system by providing samples of the biometric characteristic to be evaluated. An acceptable enrollment time is around two minutes. 

For example, in fingerprint systems, the actual fingerprint is stored and requires approximately 250kb per finger for a high quality image. This level of information is 
required for one-to-many searches in forensics applications on very large databases. 

In finger-scan technology, a full fingerprint is not stored; the features extracted from this fingerprint are stored using a small template that requires approximately 500 to 1000 bytes of storage. The original fingerprint cannot be reconstructed from this template. 

Updates of the enrollment information may be required because some biometric characteristics, such as voice and signature, may change with time. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37 & 


NEW QUESTION 120 
- (Topic 1) 
What is the primary role of smartcards in a PKI? 


A. Transparent renewal of user keys 

B. Easy distribution of the certificates between the users 

C. Fast hardware encryption of the raw data 

D. Tamper resistant, mobile storage and application of private keys of the users 


Answer: D 


Explanation: 

Reference: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 2001, McGraw-Hill/Osborne, page 139; 

SNYDER, J., What is a SMART CARD?. 

Wikipedia has a nice definition at: http://en.wikipedia.org/wiki/Tamper_resistance 

Security 

Tamper-resistant microprocessors are used to store and process private or sensitive information, such as private keys or electronic money credit. To prevent an attacker from retrieving or modifying the information, the chips are designed so that the information is not accessible through external means and can be accessed only by the embedded software, which should contain the appropriate security measures. 

Examples of tamper-resistant chips include all secure cryptoprocessors, such as the IBM 4758 and chips used in smartcards, as well as the Clipper chip. 

It has been argued that it is very difficult to make simple electronic devices secure against tampering, because numerous attacks are possible, including: 

physical attack of various forms (microprobing, drills, files, solvents, etc.) 

freezing the device 

applying out-of-spec voltages or power surges 

applying unusual clock signals 

inducing software errors using radiation 

measuring the precise time and power requirements of certain operations (see power analysis) 

Tamper-resistant chips may be designed to zeroise their sensitive data (especially cryptographic keys) if they detect penetration of their security encapsulation or out-of-specification environmental parameters. A chip may even be rated for "cold zeroisation", the ability to zeroise itself even after its power supply has been crippled. 

Nevertheless, the fact that an attacker may have the device in his possession for as long as he likes, and perhaps obtain numerous other samples for testing and 
practice, means that it is practically impossible to totally eliminate tampering by a sufficiently motivated opponent. Because of this, one of the most important 
elements in protecting a system is overall system design. In particular, tamper-resistant systems should "fail gracefully" by ensuring that compromise of one device 
does not compromise the entire system. In this manner, the attacker can be practically restricted to attacks that cost less than the expected return from 
compromising a single device (plus, perhaps, a little more for kudos). Since the most sophisticated attacks have been estimated to cost several hundred thousand 
dollars to carry out, carefully designed systems may be invulnerable in practice. 


NEW QUESTION 124 
- (Topic 1) 
Which of the following biometric parameters are better suited for authentication use over a long period of time? 


A. Iris pattern 

B. Voice pattern 

C. Signature dynamics 
D. Retina pattern 


Answer: A 


Explanation: 

The iris pattern is considered lifelong. Unique features of the iris are: freckles, rings, rifts, pits, striations, fibers, filaments, furrows, vasculature and coronas. Voice, signature and retina patterns are more likely to change over time, thus are not as suitable for authentication over a long period of time without needing re-enrollment. 

Source: FERREL, Robert G, Questions and Answers for the CISSP Exam, domain 1 (derived from the Information Security Management Handbook, 4th Ed., by Tipton & Krause). 


NEW QUESTION 125 

- (Topic 1) 

Almost all types of detection permit a system's sensitivity to be increased or decreased during an inspection process. If the system's sensitivity is increased, such 
as in a biometric authentication system, the system becomes increasingly selective and has the possibility of generating: 


A. Lower False Rejection Rate (FRR) 
B. Higher False Rejection Rate (FRR) 
C. Higher False Acceptance Rate (FAR) 
D. It will not affect either FAR or FRR 


Answer: B 


Explanation: 

Almost all types of detection permit a system's sensitivity to be increased or decreased during an inspection process. If the system's sensitivity is increased, such 
as in a biometric authentication system, the system becomes increasingly selective and has a higher False Rejection Rate (FRR). 

Conversely, if the sensitivity is decreased, the False Acceptance Rate (FAR) will increase. Thus, to have a valid measure of the system performance, the Crossover Error Rate (CER) is used. The Crossover Error Rate (CER) is the point at which the false rejection rate and the false acceptance rate are equal. The lower the value of the CER, the more accurate the system. 

There are three categories of biometric accuracy measurement (all represented as percentages): 

False Reject Rate (a Type I Error): When authorized users are falsely rejected as unidentified or unverified. 

False Accept Rate (a Type II Error): When unauthorized persons or imposters are falsely accepted as authentic. 

Crossover Error Rate (CER): The point at which the false rejection rates and the false acceptance rates are equal. The smaller the value of the CER, the more 
accurate the system. 

NOTE: 

Within the ISC2 book they make use of the terms Accept or Acceptance and also Reject or Rejection when referring to the types of errors within biometrics. Below we make use of Acceptance and Rejection throughout the text for consistency. However, on the real exam you could see either of the terms. 

Performance of biometrics 

Different metrics can be used to rate the performance of a biometric factor, solution or application. The most common performance metrics are the False 
Acceptance Rate FAR and the False Rejection Rate FRR. 

When using a biometric application for the first time the user needs to enroll in the system. The system requests fingerprints, a voice recording or another biometric factor from the operator; this input is registered in the database as a template which is linked internally to a user ID. The next time the user wants to authenticate or identify himself, the biometric input provided by the user is compared to the template(s) in the database by a matching algorithm which responds with acceptance (match) or rejection (no match). 

FAR and FRR 

The FAR or False Acceptance Rate is the probability that the system incorrectly authorizes a non-authorized person, due to incorrectly matching the biometric input with a valid template. The FAR is normally expressed as a percentage; following the FAR definition, this is the percentage of invalid inputs which are incorrectly accepted. 

The FRR or False Rejection Rate is the probability that the system incorrectly rejects access to an authorized person, due to failing to match the biometric input provided by the user with a stored template. The FRR is normally expressed as a percentage; following the FRR definition, this is the percentage of valid inputs which are incorrectly rejected. 

FAR and FRR are very much dependent on the biometric factor that is used and on the technical implementation of the biometric solution. Furthermore, the FRR is strongly person dependent: a personal FRR can be determined for each individual.

Take this into account when determining the FRR of a biometric solution; one person is insufficient to establish an overall FRR for a solution. Also, the FRR might increase due to environmental conditions or incorrect use, for example when using dirty fingers on a fingerprint reader. In most cases the FRR decreases as a user gains more experience in how to use the biometric device or software.

FAR and FRR are key metrics for biometric solutions; some biometric devices or software even allow them to be tuned so that the system more readily matches or rejects. Both FRR and FAR are important, but for most applications one of them is considered most important. Two examples to illustrate this:

When biometrics are used for logical or physical access control, the objective of the application is to disallow access to unauthorized individuals under all 
circumstances. It is clear that a very low FAR is needed for such an application, even if it comes at the price of a higher FRR. 

When surveillance cameras are used to screen a crowd of people for missing children, the objective of the application is to identify any missing children that come up on the screen. When the identification of those children is automated using face recognition software, this software has to be set up with a low FRR. As a result, a higher number of matches will be false positives, but these can be reviewed quickly by surveillance personnel.

False Acceptance Rate is also called False Match Rate, and False Rejection Rate is sometimes referred to as False Non-Match Rate. 

[Figure: FAR and FRR plotted against sensitivity (the matching threshold); the point where the two curves cross is marked as the crossover error rate.]

Above is a graphical representation of FAR and FRR errors on a graph, indicating the CER.

CER 

The Crossover Error Rate or CER is illustrated on the graph above. It is the rate where both FAR and FRR are equal. 

The matching algorithm in biometric software or a device uses a (configurable) threshold which determines how close to a template the input must be for it to be considered a match. This threshold value is in some cases referred to as sensitivity; it is marked on the X axis of the plot. When you reduce this threshold there will be more false acceptance errors (higher FAR) and fewer false rejection errors (lower FRR); a higher threshold will lead to a lower FAR and a higher FRR.

Speed 

Most manufacturers of biometric devices and software can give clear numbers on the time it takes to enroll as well as on the time for an individual to be authenticated or identified using their application. If speed is important, take the time to consider this: 5 seconds might seem a short time on paper or when testing a device, but if hundreds of people will use the device multiple times a day, the cumulative loss of time might be significant.

Reference(s) used for this question: 

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 2723-2731). Auerbach Publications. Kindle Edition.

and

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37.

and

http://www.biometric-solutions.com/index.php?story=performance_biometrics


NEW QUESTION 129 
- (Topic 1) 
Who first described the DoD multilevel military security policy in abstract, formal terms? 


A. David Bell and Leonard LaPadula 
B. Rivest, Shamir and Adleman 

C. Whitfield Diffie and Martin Hellman 
D. David Clark and David Wilson 


Answer: A 


Explanation: 

It was David Bell and Leonard LaPadula who, in 1973, first described the DoD multilevel military security policy in abstract, formal terms. The Bell-LaPadula is a 
Mandatory Access Control (MAC) model concerned with confidentiality. Rivest, Shamir and Adleman (RSA) developed the RSA encryption algorithm. Whitfield 
Diffie and Martin Hellman published the Diffie-Hellman key agreement algorithm in 1976. David Clark and David Wilson developed the Clark-Wilson integrity 
model, more appropriate for security in commercial activities. 
Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, July 1992 (pages 78,109).


NEW QUESTION 130 
- (Topic 1) 
Which of the following is true about Kerberos? 


A. It utilizes public key cryptography. 

B. It encrypts data after a ticket is granted, but passwords are exchanged in plain text. 
C. It depends upon symmetric ciphers. 

D. It is a second party authentication system. 


Answer: C 


Explanation: 

Kerberos depends on secret keys (symmetric ciphers). Kerberos is a third party authentication protocol. It was designed and developed in the mid-1980s by MIT. It is considered open source but is copyrighted and owned by MIT. It relies on the user's secret keys. The password is used to encrypt and decrypt the keys.

The following answers are incorrect: 

It utilizes public key cryptography. Is incorrect because Kerberos depends on secret keys (symmetric ciphers).

It encrypts data after a ticket is granted, but passwords are exchanged in plain text. Is incorrect because the passwords are not exchanged but used for encryption 
and decryption of the keys. 

It is a second party authentication system. Is incorrect because Kerberos is a third party authentication system; you authenticate to the third party (Kerberos) and not to the system you are accessing.

References: 

MIT http://web.mit.edu/kerberos/

Wikipedia http://en.wikipedia.org/wiki/Kerberos_%28protocol%29

OIG CBK Access Control (pages 181 - 184) AIOv3 Access Control (pages 151 - 155)


NEW QUESTION 134 
- (Topic 1) 
What is called the percentage at which the False Rejection Rate equals the False Acceptance Rate? 


A. False Rejection Rate (FRR) or Type I Error

B. False Acceptance Rate (FAR) or Type II Error 
C. Crossover Error Rate (CER) 

D. Failure to enroll rate (FTE or FER) 


Answer: C 


Explanation: 

The percentage at which the False Rejection Rate equals the False Acceptance Rate is called the Crossover Error Rate (CER). Another name for the CER is the Equal Error Rate (EER); either of the two terms could be used.

Equal error rate or crossover error rate (EER or CER) 

It is the rate at which both accept and reject errors are equal. The EER is a quick way to compare the accuracy of devices with different ROC curves. In general, 
the device with the lowest EER is most accurate. 

The other choices were all wrong answers: 

The following are used as performance metrics for biometric systems: 

false accept rate or false match rate (FAR or FMR): the probability that the system incorrectly matches the input pattern to a non-matching template in the 
database. It measures the percent of invalid inputs which are incorrectly accepted. This is when an impostor would be accepted by the system. 

False reject rate or false non-match rate (FRR or FNMR): the probability that the system fails to detect a match between the input pattern and a matching template 
in the database. It measures the percent of valid inputs which are incorrectly rejected. This is when a valid company employee would be rejected by the system. 
Failure to enroll rate (FTE or FER): the rate at which attempts to create a template from an input are unsuccessful. This is most commonly caused by low quality inputs.

Reference(s) used for this question: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 38. 

and https://en.wikipedia.org/wiki/Biometrics 


NEW QUESTION 136 
- (Topic 1) 
Which of the following is not a two-factor authentication mechanism? 


A. Something you have and something you know. 
B. Something you do and a password. 

C. A smart card and something you are.

D. Something you know and a password. 


Answer: D 


Explanation: 

Something you know and a password fits within only one of the three ways authentication could be done. A password is an example of something you know, 
thereby something you know and a password does not constitute a two-factor authentication as both are in the same category of factors. 

A two-factor (strong) authentication relies on two different kinds of authentication factors out of a list of three possible choices:

something you know (e.g. a PIN or password), 

something you have (e.g. a smart card, token, magnetic card), 

something you are is mostly Biometrics (e.g. a fingerprint) or something you do (e.g. signature dynamics). 

TIP FROM CLEMENT: 

On the real exam you can expect to see synonyms and sometimes sub-categories under the main categories. People are familiar with Pin, Passphrase, Password 
as subset of Something you know. 

However, when people see choices such as Something you do or Something you are they immediately get confused and they do not think of them as a subset of Biometrics, where you have Biometric implementation based on behavior and physiological attributes. So something you do falls under the Something you are category as a subset.

Something you do would be signing your name or typing text on your keyboard, for example.

Strong authentication is simply when you make use of two factors that are within two different categories. 
Reference(s) used for this question: 

Shon Harris, CISSP All In One, Fifth Edition, pages 158-159 


NEW QUESTION 137 
- (Topic 1) 
In an organization where there are frequent personnel changes, non-discretionary access control using Role Based Access Control (RBAC) is useful because: 


A. people need not use discretion 

B. the access controls are based on the individual's role or title within the organization. 

C. the access controls are not based on the individual's role or title within the organization 
D. the access controls are often based on the individual's role or title within the organization 


Answer: B 


Explanation: 

In an organization where there are frequent personnel changes, non-discretionary access control (also called Role Based Access Control) is useful because the access controls are based on the individual's role or title within the organization. You can easily configure a new employee's access by assigning the user to a role that has been predefined. The user will implicitly inherit the permissions of the role by being a member of that role.

These access permissions defined within the role do not need to be changed whenever a new person takes over the role. 

Another type of non-discretionary access control model is Rule Based Access Control (RBAC or RuBAC), where a global set of rules is uniformly applied to all subjects accessing the resources. A good example of RuBAC would be a firewall.

This question is a sneaky one: one of the choices has only one added word to it, which is "often". Reading questions and their choices very carefully is a must for the real exam. Reading them twice if needed is recommended.

Shon Harris in her book lists the following ways of managing RBAC. Role-based access control can be managed in the following ways:

Non-RBAC: Users are mapped directly to applications and no roles are used. (No roles being used)

Limited RBAC: Users are mapped to multiple roles and mapped directly to other types of applications that do not have role-based access functionality. (A mix of roles for applications that support roles, and explicit access control for applications that do not support roles)

Hybrid RBAC: Users are mapped to multiapplication roles with only selected rights assigned to those roles.

Full RBAC: Users are mapped to enterprise roles. (Roles are used for all access being granted)

NIST defines RBAC as: 

Security administration can be costly and prone to error because administrators usually specify access control lists for each user on the system individually. With RBAC, security is managed at a level that corresponds closely to the organization's structure. Each user is assigned one or more roles, and each role is assigned one or more privileges that are permitted to users in that role. Security administration with RBAC consists of determining the operations that must be executed by persons in particular jobs, and assigning employees to the proper roles. Complexities introduced by mutually exclusive roles or role hierarchies are handled by the RBAC software, making security administration easier.

Reference(s) used for this question: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 32. 

and 

Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition. McGraw-Hill.

and

http://csrc.nist.gov/groups/SNS/rbac/


NEW QUESTION 140 
- (Topic 1) 
Which security model ensures that actions that take place at a higher security level do not affect actions that take place at a lower level? 


A. The Bell-LaPadula model 
B. The information flow model 
C. The noninterference model 
D. The Clark-Wilson model 


Answer: C 


Explanation: 

The goal of a noninterference model is to strictly separate differing security levels to assure that higher-level actions do not determine what lower-level users can see. This is in contrast to other security models that control information flows between differing levels of users. By maintaining strict separation of security levels, a noninterference model minimizes leakages that might happen through a covert channel.

The model ensures that any actions that take place at a higher security level do not affect, or interfere with, actions that take place at a lower level. 

It is not concerned with the flow of data, but rather with what a subject knows about the state of the system. So if an entity at a higher security level performs an 
action, it can not change the state for the entity at the lower level. 

The model also addresses the inference attack that occurs when someone has access to some type of information and can infer (guess) something that he does not have the clearance level or authority to know.

The following are incorrect answers: 

The Bell-LaPadula model is incorrect. The Bell-LaPadula model is concerned only with confidentiality and bases access control decisions on the classification of objects and the clearances of subjects.

The information flow model is incorrect. The information flow models have a similar framework to the Bell-LaPadula model and control how information may flow 
between objects based on security classes. Information will be allowed to flow only in accordance with the security policy. 

The Clark-Wilson model is incorrect. The Clark-Wilson model is concerned with change control and assuring that all modifications to objects preserve integrity by means of well-formed transactions and usage of an access triple (subject - interface - object).

References: 

CBK, pp 325 - 326 

AIO3, pp. 290 - 291 

AIOv4 Security Architecture and Design (page 345)

AIOv5 Security Architecture and Design (pages 347 - 348)

https://en.wikibooks.org/wiki/Security_Architecture_and_Design/Security_Models#Noninterference_Models


NEW QUESTION 145 
- (Topic 1)
Why should batch files and scripts be stored in a protected area? 


A. Because of the least privilege concept. 
B. Because they cannot be accessed by operators. 
C. Because they may contain credentials. 
D. Because of the need-to-know concept. 


Answer: C 


Explanation: 

Because scripts contain credentials, they must be stored in a protected area and the transmission of the scripts must be dealt with carefully. Operators might need 
access to batch files and scripts. The least privilege concept requires that each subject in a system be granted the most restrictive set of privileges needed for the 
performance of authorized tasks. The need-to-know principle requires a user having necessity for access to, knowledge of, or possession of specific information 
required to perform official tasks or services. 

Source: WALLHOFF, John, CISSP Summary 2002, April 2002, CBK#1 Access Control System & Methodology (page 3) 


NEW QUESTION 150 
- (Topic 1) 
What does the (star) integrity axiom mean in the Biba model? 


A. No read up 
B. No write down 
C. No read down 
D. No write up 


Answer: D 


Explanation: 

The (star) integrity axiom of the Biba access control model states that an object at one level of integrity is not permitted to modify an object of a higher level of 
integrity (no write up). 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: 
Security Architectures and Models (page 205). 


NEW QUESTION 155 
- (Topic 1) 
What does the simple integrity axiom mean in the Biba model? 


A. No write down 
B. No read down 
C. No read up 
D. No write up 


Answer: B 


Explanation: 

The simple integrity axiom of the Biba access control model states that a subject at one level of integrity is not permitted to observe an object of a lower integrity 
(no read down). 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: 
Security Architectures and Models (page 205). 


NEW QUESTION 158 
- (Topic 1) 
What physical characteristic does a retinal scan biometric device measure? 


A. The amount of light reaching the retina 

B. The amount of light reflected by the retina 

C. The pattern of light receptors at the back of the eye 
D. The pattern of blood vessels at the back of the eye 


Answer: D 


Explanation: 

The retina, a thin nerve (1/50th of an inch) on the back of the eye, is the part of the eye which senses light and transmits impulses through the optic nerve to the 
brain - the equivalent of film in a camera. Blood vessels used for biometric identification are located along the neural retina, the outermost of retina's four cell 
layers. 

The following answers are incorrect: 

The amount of light reaching the retina The amount of light reaching the retina is not used in the biometric scan of the retina. 

The amount of light reflected by the retina The amount of light reflected by the retina is not used in the biometric scan of the retina. 

The pattern of light receptors at the back of the eye This is a distractor.

The following reference(s) were/was used to create this question:

Reference: Retina Scan Technology.

ISC2 Official Guide to the CBK, 2007 (Page 161)


NEW QUESTION 160 
- (Topic 1) 
Which of the following is the FIRST step in protecting data's confidentiality? 


A. Install a firewall 
B. Implement encryption 
C. Identify which information is sensitive
D. Review all user access rights 


Answer: C 


Explanation: 

In order to protect the confidentiality of the data, you must first identify which information is sensitive. The following answers are incorrect because:

Install a firewall is incorrect as this would come after the information has been identified for sensitivity levels.
Implement encryption is also incorrect as this is one of the mechanisms to protect the data once it has been identified.
Review all user access rights is also incorrect as this is also a protection mechanism for the identified information.

Reference: Shon Harris, AIO v3, Chapter 4: Access Control, Page 126


NEW QUESTION 164 
- (Topic 1) 
Examples of types of physical access controls include all EXCEPT which of the following? 


A. badges 

B. locks 

C. guards 

D. passwords 


Answer: D 


Explanation: 

Passwords are considered a Preventive/Technical (logical) control. The following answers are incorrect: 

badges Badges are a physical control used to identify an individual. A badge can include a smart device which can be used for authentication and is thus a Technical control, but the actual badge itself is primarily a physical control.

locks Locks are a Preventative Physical control and have no Technical association.

guards Guards are a Preventative Physical control and have no Technical association.

The following reference(s) were/was used to create this question: 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: 
Access control systems (page 35). 


NEW QUESTION 168 
- (Topic 1) 
What is one disadvantage of content-dependent protection of information? 


A. It increases processing overhead. 

B. It requires additional password entry. 

C. It exposes the system to data locking. 

D. It limits the user's individual address space. 


Answer: A 


Explanation: 
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. 


NEW QUESTION 172 
- (Topic 1) 
When a biometric system is used, which error type deals with the possibility of GRANTING access to impostors who should be REJECTED? 


A. Type I error

B. Type II error

C. Type III error
D. Crossover error 


Answer: B 


Explanation: 

When the biometric system accepts impostors who should have been rejected, it is called a Type II error or False Acceptance Rate or False Accept Rate. Biometrics verifies an individual's identity by analyzing a unique personal attribute or behavior, which is one of the most effective and accurate methods of verifying identification.

Biometrics is a very sophisticated technology; thus, it is much more expensive and complex than the other types of identity verification processes. A biometric 
system can make authentication decisions based on an individual's behavior, as in signature dynamics, but these can change over time and possibly be forged. 
Biometric systems that base authentication decisions on physical attributes (iris, retina, fingerprint) provide more accuracy, because physical attributes typically 
don’t change much, absent some disfiguring injury, and are harder to impersonate. 

When a biometric system rejects an authorized individual, it is called a Type I error (False Rejection Rate (FRR) or False Reject Rate (FRR)).

When the system accepts impostors who should be rejected, it is called a Type II error (False Acceptance Rate (FAR) or False Accept Rate (FAR)). Type II errors 
are the most dangerous and thus the most important to avoid. 

The goal is to obtain low numbers for each type of error. When comparing different biometric systems, many different variables are used, but one of the most important metrics is the crossover error rate (CER).

The accuracy of any biometric method is measured in terms of Failed Acceptance Rate (FAR) and Failed Rejection Rate (FRR). Both are expressed as 
percentages. The FAR is the rate at which attempts by unauthorized users are incorrectly accepted as valid. The FRR is just the opposite. It measures the rate at 
which authorized users are denied access. 

The relationship between FRR (Type I) and FAR (Type II) is depicted in the graphic below. As one rate increases, the other decreases. The Cross-over Error Rate (CER) is sometimes considered a good indicator of the overall accuracy of a biometric system. This is the point at which the FRR and the FAR have the same value. Solutions with a lower CER are typically more accurate.

See the graphic below from Biometria showing this relationship. The Cross-over Error Rate (CER) is also called the Equal Error Rate (EER); the two are synonymous.
[Figure: Cross Over Error Rate. Y axis: percentage of times a false reject (FRR) and false accept (FAR) occur; X axis: threshold.]
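The FAR/FRR trade-off described in the "Performance of biometrics" section earlier on this page and in this question's threshold discussion, as an added example that is not part of the exam guide or its cited sources: it sweeps a matcher threshold over constructed similarity scores (assumed values, not measurements from any real device), reports FAR and FRR at each threshold, locates the CER/EER where the two rates meet, and picks the access-control and screening operating points the text contrasts.

```python
"""Added example (not part of the exam guide): FAR, FRR and crossover error
rate (CER/EER) of a biometric matcher, computed from match scores."""
from dataclasses import dataclass
from typing import List, Sequence

# Constructed sample data (assumed values, not measurements from any real
# device): similarity scores in [0, 1] emitted by a hypothetical matching
# algorithm. Genuine scores come from authorized users compared with their
# own enrolled template; impostor scores come from comparisons against
# somebody else's template.
GENUINE_SCORES = [0.95, 0.92, 0.90, 0.88, 0.85, 0.80, 0.75, 0.70, 0.60, 0.55]
IMPOSTOR_SCORES = [0.20, 0.30, 0.40, 0.50, 0.55, 0.60, 0.65, 0.68, 0.78, 0.85]


@dataclass(frozen=True)
class OperatingPoint:
    threshold: float  # the configurable "sensitivity" of the matcher
    far: float        # false acceptance rate: share of impostor inputs accepted
    frr: float        # false rejection rate: share of genuine inputs rejected

    @property
    def cer(self) -> float:
        """Mean of the two rates; equals both of them at the crossover point."""
        return (self.far + self.frr) / 2


def error_rates(genuine: Sequence[float], impostor: Sequence[float],
                threshold: float) -> OperatingPoint:
    """Accept an input when score >= threshold, then measure both error types."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return OperatingPoint(threshold, far, frr)


def sweep(genuine: Sequence[float], impostor: Sequence[float]) -> List[OperatingPoint]:
    """Evaluate every threshold at which the decision can change, ascending."""
    candidates = sorted(set(genuine) | set(impostor))
    return [error_rates(genuine, impostor, t) for t in candidates]


def crossover_error_rate(genuine: Sequence[float],
                         impostor: Sequence[float]) -> OperatingPoint:
    """Operating point where FAR and FRR are closest (equal, ideally)."""
    return min(sweep(genuine, impostor),
               key=lambda op: (abs(op.far - op.frr), op.threshold))


def threshold_for_max_far(genuine: Sequence[float], impostor: Sequence[float],
                          max_far: float) -> OperatingPoint:
    """Access-control tuning: lowest threshold keeping FAR <= max_far (FRR pays)."""
    for op in sweep(genuine, impostor):            # FAR falls as threshold rises
        if op.far <= max_far:
            return op
    raise ValueError("no threshold achieves the requested FAR")


def threshold_for_max_frr(genuine: Sequence[float], impostor: Sequence[float],
                          max_frr: float) -> OperatingPoint:
    """Screening tuning: highest threshold keeping FRR <= max_frr (FAR pays)."""
    for op in reversed(sweep(genuine, impostor)):  # FRR falls as threshold drops
        if op.frr <= max_frr:
            return op
    raise ValueError("no threshold achieves the requested FRR")


if __name__ == "__main__":
    for op in sweep(GENUINE_SCORES, IMPOSTOR_SCORES):
        print(f"threshold {op.threshold:.2f}  FAR {op.far:.0%}  FRR {op.frr:.0%}")
    cer = crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"CER/EER {cer.cer:.0%} at threshold {cer.threshold:.2f}")
```

With these constructed scores the CER is 20% at threshold 0.70; forcing FAR to zero for access control pushes the FRR to 60%, and forcing FRR to zero for screening pushes the FAR to 60%, which is the trade-off the two examples in the text describe.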

The other answers are incorrect: 

Type I error is also called the False Rejection Rate, where a valid user is rejected by the system.

Type III error: there is no such error type in a biometric system.

Crossover error rate, stated as a percentage, represents the point at which the false rejection rate equals the false acceptance rate.

Reference(s) used for this question:

http://www.biometria.sk/en/principles-of-biometrics.html

and

Shon Harris, CISSP All In One (AIO), 6th Edition, Chapter 3, Access Control, Pages 188-189

and

Tech Republic, Reduce Multi_Factor Authentication Cost


NEW QUESTION 176 
- (Topic 1) 
What does it mean to say that sensitivity labels are "incomparable"? 


A. The number of classification in the two labels is different. 
B. Neither label contains all the classifications of the other. 
C. the number of categories in the two labels are different. 
D. Neither label contains all the categories of the other. 


Answer: D 


Explanation: 

If a category does not exist then you cannot compare it. Incomparable is when you have two disjoint sensitivity labels, that is, a category in one of the labels is not in the other label. "Because neither label contains all the categories of the other, the labels can't be compared. They're said to be incomparable."

COMPARABILITY:

The label: 

TOP SECRET [VENUS ALPHA] 

is "higher" than either of the labels: 

SECRET [VENUS ALPHA]

TOP SECRET [VENUS]

But you can't really say that the label: 

TOP SECRET [VENUS] 

is higher than the label: 

SECRET [ALPHA] 

Because neither label contains all the categories of the other, the labels can't be compared. They're said to be incomparable. In a mandatory access control 
system, you won't be allowed access to a file whose label is incomparable to your clearance. 

The Multilevel Security policy uses an ordering relationship between labels known as the dominance relationship. Intuitively, we think of a label that dominates 
another as being "higher" than the other. Similarly, we think of a label that is dominated by another as being "lower" than the other. The dominance relationship is 
used to determine permitted operations and information flows. 

DOMINANCE 

The dominance relationship is determined by the ordering of the Sensitivity/Clearance component of the label and the intersection of the set of Compartments. 
Sample Sensitivity/Clearance orderings are:

Top Secret > Secret > Confidential > Unclassified

s3 > s2 > s1 > s0

Formally, for label one to dominate label two, both of the following must be true:

The sensitivity/clearance of label one must be greater than or equal to the sensitivity/clearance of label two.

The intersection of the compartments of label one and label two must equal the compartments of label two.

Additionally: 

Two labels are said to be equal if their sensitivity/clearance and set of compartments are exactly equal. Note that dominance includes equality. 

One label is said to strictly dominate the other if it dominates the other but is not equal to the other. 

Two labels are said to be incomparable if each label has at least one compartment that is not included in the other's set of compartments. 

The dominance relationship will produce a partial ordering over all possible MLS labels, resulting in what is known as the MLS Security Lattice. 
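The dominance rules above, as an added example (not code from the exam guide, O'Reilly or the rubix reference): a small parser for labels written as "TOP SECRET [VENUS ALPHA]", the dominance, strict-dominance and incomparability tests, the MAC read check the text mentions, and, going slightly beyond the text, the lattice join and meet of two labels. The label syntax and all function names are this example's assumptions.

```python
"""Added example (not from the exam guide or its references): MLS label
dominance, strict dominance, equality and incomparability."""
import re
from dataclasses import dataclass
from typing import FrozenSet

# Sensitivity ordering given in the text: Top Secret > Secret > Confidential > Unclassified
SENSITIVITY_ORDER = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}
LEVEL_NAME = {level: name for name, level in SENSITIVITY_ORDER.items()}

# Assumed textual form: 'TOP SECRET [VENUS ALPHA]'; the bracketed compartments are optional.
_LABEL_RE = re.compile(r"\s*([A-Z ]+?)\s*(?:\[([^\]]*)\])?\s*")


@dataclass(frozen=True)
class Label:
    sensitivity: str
    compartments: FrozenSet[str]

    @classmethod
    def parse(cls, text: str) -> "Label":
        m = _LABEL_RE.fullmatch(text.upper())
        if m is None or m.group(1) not in SENSITIVITY_ORDER:
            raise ValueError(f"unrecognised label: {text!r}")
        return cls(m.group(1), frozenset((m.group(2) or "").split()))

    @property
    def level(self) -> int:
        return SENSITIVITY_ORDER[self.sensitivity]

    def __str__(self) -> str:
        comps = " ".join(sorted(self.compartments))
        return f"{self.sensitivity} [{comps}]" if comps else self.sensitivity


def dominates(a: Label, b: Label) -> bool:
    """a dominates b iff level(a) >= level(b) and comps(a) & comps(b) == comps(b).
    Dominance includes equality, as the text notes."""
    return a.level >= b.level and (a.compartments & b.compartments) == b.compartments


def strictly_dominates(a: Label, b: Label) -> bool:
    return dominates(a, b) and a != b


def incomparable(a: Label, b: Label) -> bool:
    """Neither label dominates the other: MAC denies access across such a pair."""
    return not dominates(a, b) and not dominates(b, a)


def relation(a: Label, b: Label) -> str:
    if a == b:
        return "equal"
    if dominates(a, b):
        return "a strictly dominates b"
    if dominates(b, a):
        return "b strictly dominates a"
    return "incomparable"


def mac_read_allowed(clearance: Label, object_label: Label) -> bool:
    """Read check from the text: the subject's clearance must dominate the
    object's label; an incomparable (or higher) object label is denied."""
    return dominates(clearance, object_label)


# Beyond the text: the join (least upper bound) and meet (greatest lower bound)
# that make the set of labels a lattice. Standard MLS results, added here.
def join(a: Label, b: Label) -> Label:
    return Label(LEVEL_NAME[max(a.level, b.level)], a.compartments | b.compartments)


def meet(a: Label, b: Label) -> Label:
    return Label(LEVEL_NAME[min(a.level, b.level)], a.compartments & b.compartments)


if __name__ == "__main__":
    ts_v, s_a = Label.parse("TOP SECRET [VENUS]"), Label.parse("SECRET [ALPHA]")
    print(f"{ts_v} vs {s_a}: {relation(ts_v, s_a)}")   # incomparable
    print(f"join: {join(ts_v, s_a)}, meet: {meet(ts_v, s_a)}")
```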

The following answers are incorrect: 

The number of classifications in the two labels is different. Is incorrect because the categories are what is being compared, not the classifications.

Neither label contains all the classifications of the other. Is incorrect because the categories are what is being compared, not the classifications.

The number of categories in the two labels is different. Is incorrect because it is possible a category exists more than once in one sensitivity label and does exist in the other, so they would be comparable.

Reference(s) used for this question:

OReilly - Computer Systems and Access Control (Chapter 3) http://www.oreilly.com/catalog/csb/chapter/ch03.html

and http://rubix.com/cms/mls_dom 


NEW QUESTION 177 
- (Topic 1) 
What is called the percentage of valid subjects that are falsely rejected by a Biometric Authentication system? 
A. False Rejection Rate (FRR) or Type I Error

B. False Acceptance Rate (FAR) or Type II Error 
C. Crossover Error Rate (CER) 

D. True Rejection Rate (TRR) or Type III Error 


Answer: A 


Explanation: 
The percentage of valid subjects that are falsely rejected is called the False Rejection Rate (FRR) or Type I Error.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 38. 


NEW QUESTION 182 
- (Topic 1) 
Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring? 


A. Wave pattern motion detectors 
B. Capacitance detectors 

C. Field-powered devices 

D. Audio detectors 


Answer: B 


Explanation: 

Capacitance detectors monitor an electrical field surrounding the object being monitored. They are used for spot protection within a few inches of the object, rather than for the overall room security monitoring provided by wave detectors. Penetration of this field changes the electrical capacitance of the field enough to generate an alarm. Wave pattern motion detectors generate a frequency wave pattern and send an alarm if the pattern is disturbed as it is reflected back to its receiver. Field-powered devices are a type of personnel access control device. Audio detectors simply monitor a room for any abnormal sound wave generation and trigger an alarm.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 10: 
Physical security (page 344). 


NEW QUESTION 186 
- (Topic 1) 
Access Control techniques do not include which of the following? 


A. Rule-Based Access Controls 

B. Role-Based Access Control 

C. Mandatory Access Control 

D. Random Number Based Access Control 


Answer: D 


Explanation: 

Access Control Techniques:

Discretionary Access Control
Mandatory Access Control
Lattice Based Access Control
Rule-Based Access Control
Role-Based Access Control

Source: DUPUIS, Clement, Access Control Systems and Methodology, Version 1, May 2002, CISSP Open Study Group Study Guide for Domain 1, Page 13. 


NEW QUESTION 190 
- (Topic 1) 
Which of the following divisions is defined in the TCSEC (Orange Book) as minimal protection?


A. Division D 
B. Division C 
C. Division B 
D. Division A 


Answer: A 


Explanation: 

The criteria are divided into four divisions: D, C, B, and A ordered in a hierarchical manner with the highest division (A) being reserved for systems providing the 
most comprehensive security. 

Each division represents a major improvement in the overall confidence one can place in the system for the protection of sensitive information. 

Within divisions C and B there are a number of subdivisions known as classes. The classes are also ordered in a hierarchical manner with systems representative 
of division C and lower classes of division B being characterized by the set of computer security mechanisms that they possess. 

Assurance of correct and complete design and implementation for these systems is gained mostly through testing of the security-relevant portions of the system. The security-relevant portions of a system are referred to throughout this document as the Trusted Computing Base (TCB).

Systems representative of higher classes in division B and division A derive their security attributes more from their design and implementation structure. 
Increased assurance that the required features are operative, correct, and tamperproof under all circumstances is gained through progressively more rigorous 
analysis during the design process. 

TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels: 

Division D - minimal security
Division C - discretionary protection
Division B - mandatory protection
Division A - verified protection

Reference: Shon Harris, CISSP All-in-One, 5th edition, page 358.

also

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 197.

Also:

THE source for all TCSEC "level" questions: http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt


NEW QUESTION 195 
- (Topic 1) 
In non-discretionary access control using Role Based Access Control (RBAC), a central authority determines what subjects can have access to certain objects 
based on the organizational security policy. The access controls may be based on: 


A. The society's role in the organization 

B. The individual's role in the organization 

C. The group-dynamics as they relate to the individual's role in the organization 
D. The group-dynamics as they relate to the master-slave role in the organization 


Answer: B 


Explanation: 

In Non-Discretionary Access Control, when Role Based Access Control is being used, a central authority determines what subjects can have access to certain 
objects based on the organizational security policy. The access controls may be based on the individual's role in the organization. 

Reference(S) used for this question: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33. 


NEW QUESTION 198 
- (Topic 1) 
Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished: 


A. through access control mechanisms that require identification and authentication and through the audit function. 

B. through logical or technical controls involving the restriction of access to systems and the protection of information. 

C. through logical or technical controls but not involving the restriction of access to systems and the protection of information. 

D. through access control mechanisms that do not require identification and authentication and do not operate through the audit function. 


Answer: A 


Explanation: 

Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished through access control mechanisms 
that require identification and authentication and through the audit function. These controls must be in accordance with and accurately represent the organization's 
security policy. Assurance procedures ensure that the control mechanisms correctly implement the security policy for the entire life cycle of an information system. 
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33. 


NEW QUESTION 203 
- (Topic 1) 
Examples of types of physical access controls include all EXCEPT which of the following? 


A. badges 

B. locks 

C. guards 

D. passwords 


Answer: D 


Explanation: 

Passwords are considered a Preventive/Technical (logical) control. The following answers are incorrect: 

Badges: Badges are a physical control used to identify an individual. A badge can include a smart device which can be used for authentication and thus act as a Technical 
control, but the badge itself is primarily a physical control. 

Locks: Locks are a Preventive Physical control and have no Technical association. 

Guards: Guards are a Preventive Physical control and have no Technical association. 

The following reference(s) were/was used to create this question: 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: 
Access control systems (page 35). 


NEW QUESTION 204 
- (Topic 1) 
Which of the following access control models introduces user security clearance and data classification? 


A. Role-based access control 

B. Discretionary access control 

C. Non-discretionary access control 
D. Mandatory access control 


Answer: D 


Explanation: 

The mandatory access control model is based on a security label system. Users are given a security clearance and data is classified. The classification is stored 
in the security labels of the resources. Classification labels specify the level of trust a user must have to access a certain file. 

Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw- Hill/Osborne, 2002, Chapter 4: Access Control (Page 154). 


NEW QUESTION 207 
- (Topic 1) 
What is Kerberos? 


A. A three-headed dog from Egyptian mythology. 
B. A trusted third-party authentication protocol. 

C. A security model. 

D. A remote authentication dial in user server. 
Answer: B 


Explanation: 

B is correct because a trusted third-party authentication protocol is exactly what Kerberos is. The following answers are incorrect: 

A three-headed dog from Egyptian mythology. Incorrect: Kerberos is named after the three-headed dog of Greek mythology, not Egyptian mythology, and in any case 
we are dealing with Information Security, not mythology. 

A security model. Incorrect because Kerberos is an authentication protocol, not merely a security model. 

A remote authentication dial in user server. Incorrect because Kerberos is not a remote authentication dial-in user server; that would be RADIUS. 


NEW QUESTION 210 
- (Topic 1) 
Which of the following models does NOT include data integrity or conflict of interest? 


A. Biba 

B. Clark-Wilson 

C. Bell-LaPadula 
D. Brewer-Nash 


Answer: C 


Explanation: 

Bell LaPadula model (Bell 1975): The granularity of objects and subjects is not predefined, but the model prescribes simple access rights. Based on simple access 
restrictions the Bell LaPadula model enforces a discretionary access control policy enhanced with mandatory rules. Applications with rigid confidentiality 
requirements and without strong integrity requirements may properly be modeled. 

These simple rights combined with the mandatory rules of the policy considerably restrict the spectrum of applications which can be appropriately modeled. 
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. 

Also check: 

Proceedings of the IFIP TC11 12th International Conference on Information Security, Samos (Greece), May 1996, On Security Models. 


NEW QUESTION 214 

- (Topic 1) 

Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches 
on doors and windows are some of the examples of: 


A. Administrative controls 
B. Logical controls 

C. Technical controls 

D. Physical controls 


Answer: D 


Explanation: 

Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches 
on doors and windows are all examples of Physical Security. 

Reference(s) used for this question: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33. 


NEW QUESTION 218 
- (Topic 1) 
Which of the following is most appropriate to notify an external user that session monitoring is being conducted? 


A. Logon Banners 

B. Wall poster 

C. Employee Handbook 
D. Written agreement 


Answer: A 


Explanation: 

Banners displayed at log-on time should be used to notify external users of any monitoring that is being conducted. A good banner gives you better legal standing and 
also makes it obvious that the user was warned about who may access the system, so an unauthorized user is fully aware that he is trespassing. 
This is a tricky question; the keyword in the question is External user. 

There are two possible answers based on how the question is presented: this question could apply either to internal users or to ANY anonymous user. 

Internal users should always have a written agreement first; logon banners then serve as a constant reminder. 

For anonymous users, such as those logging into a web site, FTP server or even a mail server, the only notification mechanism available is a logon banner. 

References used for this question: 

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 50. 
and 
Shon Harris, CISSP All-in-one, 5th edition, pg 873 


NEW QUESTION 221 

- (Topic 1) 

Which access control model is best suited in an environment where a high security level is required and where it is desired that only the administrator grants 
access control? 


A. DAC 

B. MAC 

C. Access control matrix 
D. TACACS 
Answer: B 


Explanation: 

MAC provides high security by regulating access based on the clearance of individual users and sensitivity labels for each object. Clearance levels and sensitivity 
levels cannot be modified by individual users; for example, user Joe (SECRET clearance) cannot reclassify the "Presidential Doughnut Recipe" from "SECRET" 
to "CONFIDENTIAL" so that his friend Jane (CONFIDENTIAL clearance) can read it. The administrator is ultimately responsible for configuring this protection in 
accordance with security policy and directives from the Data Owner. 

DAC is incorrect. In DAC, the data owner is responsible for controlling access to the object. 

Access control matrix is incorrect. The access control matrix is a way of thinking about the access control needed by a population of subjects to a population of 
objects. This access control can be applied using rules, ACLs, capability tables, etc. 

TACACS is incorrect. TACACS is a tool for performing user authentication. 

References: 
CBK, p. 187, Domain 2: Access Control. 
AIO3, Chapter 4, Access Control. 
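The Joe/Jane scenario above, worked through as an added example (not part of the original question bank): a minimal MAC mediator in which a read is allowed only when the subject's clearance dominates the object's classification, and only the security administrator may change a label. The level names, users and object are the scenario from the explanation, reproduced as constructed sample data; only the hierarchical part of a label is modelled (no compartments).

```python
"""Added example: mandatory access control with hierarchical sensitivity
labels. All subjects, objects and levels are constructed sample data."""
from dataclasses import dataclass

# Hierarchical sensitivity levels, lowest to highest.
LEVELS = ("UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET")
RANK = {name: i for i, name in enumerate(LEVELS)}


def dominates(clearance: str, classification: str) -> bool:
    """True when a subject cleared to `clearance` may read `classification`."""
    return RANK[clearance] >= RANK[classification]


@dataclass
class Subject:
    name: str
    clearance: str
    is_admin: bool = False


@dataclass
class MacObject:
    name: str
    classification: str


class MacPolicy:
    """Reference-monitor style mediator: every access decision passes here
    and is recorded, so the audit trail shows denied downgrade attempts."""

    def __init__(self):
        self.log = []

    def can_read(self, subj: Subject, obj: MacObject) -> bool:
        ok = dominates(subj.clearance, obj.classification)
        self.log.append((subj.name, "read", obj.name, ok))
        return ok

    def relabel(self, subj: Subject, obj: MacObject, new_level: str) -> bool:
        """Only the administrator may change a classification; an ordinary
        user cannot downgrade an object so that a friend can read it."""
        if new_level not in RANK:
            raise ValueError(f"unknown level {new_level!r}")
        ok = subj.is_admin
        self.log.append((subj.name, f"relabel->{new_level}", obj.name, ok))
        if ok:
            obj.classification = new_level
        return ok


def demo() -> dict:
    """Runs the scenario from the explanation and returns each decision."""
    policy = MacPolicy()
    joe = Subject("Joe", "SECRET")
    jane = Subject("Jane", "CONFIDENTIAL")
    admin = Subject("secadmin", "TOP SECRET", is_admin=True)
    recipe = MacObject("Presidential Doughnut Recipe", "SECRET")

    return {
        "joe_reads": policy.can_read(joe, recipe),            # SECRET >= SECRET
        "jane_reads": policy.can_read(jane, recipe),          # CONFIDENTIAL < SECRET
        # Joe tries to downgrade the recipe for Jane: denied, and logged.
        "joe_relabels": policy.relabel(joe, recipe, "CONFIDENTIAL"),
        "jane_reads_after_joe": policy.can_read(jane, recipe),
        # The administrator, acting on the Data Owner's direction, may relabel.
        "admin_relabels": policy.relabel(admin, recipe, "CONFIDENTIAL"),
        "jane_reads_after_admin": policy.can_read(jane, recipe),
    }


if __name__ == "__main__":
    for decision, allowed in demo().items():
        print(f"{decision:24s} {'ALLOW' if allowed else 'DENY'}")
```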


NEW QUESTION 225 

- (Topic 1) 

Technical controls such as encryption and access control can be built into the operating system, be software applications, or can be supplemental 
hardware/software units. Such controls, also known as logical controls, represent which pairing? 


A. Preventive/Administrative Pairing 
B. Preventive/Technical Pairing 

C. Preventive/Physical Pairing 

D. Detective/Technical Pairing 


Answer: B 


Explanation: 

Preventive/Technical controls are also known as logical controls and can be built into the operating system, be software applications, or can be supplemental 
hardware/software units. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34. 


NEW QUESTION 230 
- (Topic 1) 
Which type of attack involves impersonating a user or a system? 


A. Smurfing attack 
B. Spoofing attack 
C. Spamming attack 
D. Sniffing attack 


Answer: B 


Explanation: 

A spoofing attack is when an attempt is made to gain access to a computer system by posing as an authorized user or system. Spamming refers to sending out or 
posting junk advertising and unsolicited mail. A smurf attack is a type of denial-of-service attack using PING and a spoofed address. Sniffing refers to observing 
packets passing on a network. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the 

Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 77). 


NEW QUESTION 233 
- (Topic 1) 
Which one of the following factors is NOT one on which Authentication is based? 


A. Type 1. Something you know, such as a PIN or password 

B. Type 2. Something you have, such as an ATM card or smart card 

C. Type 3. Something you are (based upon one or more intrinsic physical or behavioral traits), such as a fingerprint or retina scan 
D. Type 4. Something you are, such as a system administrator or security administrator 


Answer: D 


Explanation: 

Authentication is based on the following three factor types: 

Type 1. Something you know, such as a PIN or password 

Type 2. Something you have, such as an ATM card or smart card 

Type 3. Something you are (Unique physical characteristic), such as a fingerprint or retina scan 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36. 
Also: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (pages 132-133). 


NEW QUESTION 237 

- (Topic 1) 

The "vulnerability of a facility" to damage or attack may be assessed by all of the following except: 
A. Inspection 

B. History of losses 

C. Security controls 

D. security budget 


Answer: D 
Explanation: 
Source: The CISSP Examination Textbook- Volume 2: Practice by S. Rao Vallabhaneni. 


NEW QUESTION 241 
- (Topic 1) 
What kind of certificate is used to validate a user identity? 


A. Public key certificate 

B. Attribute certificate 

C. Root certificate 

D. Code signing certificate 


Answer: A 


Explanation: 

In cryptography, a public key certificate (or identity certificate) is an electronic document which incorporates a digital signature to bind together a public key with an 
identity — information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to 
an individual. 

In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). In a web of trust scheme, the signature is of either the user (a 
self-signed certificate) or other users ("endorsements"). In either case, the signatures on a certificate are attestations by the certificate signer that the identity 
information and the public key belong together. 

In computer security, an authorization certificate (also known as an attribute certificate) is a digital document that describes a written permission from the issuer to 
use a service or a resource that the issuer controls or has access to use. The permission can be delegated. 

Some people constantly confuse PKCs and ACs. An analogy may make the distinction clear. A PKC can be considered to be like a passport: it identifies the 
holder, tends to last for a long time, and should not be trivial to obtain. An AC is more like an entry visa: it is typically issued by a different authority and does not 
last for as long a time. As acquiring an entry visa typically requires presenting a passport, getting a visa can be a simpler process. 

A real life example of this can be found in the mobile software deployments by large service providers and is typically applied to platforms such as Microsoft 
Smartphone (and related), Symbian OS, J2ME, and others. 

In each of these systems a mobile communications service provider may customize the mobile terminal client distribution (i.e. the mobile phone operating system or 
application environment) to include one or more root certificates, each associated with a set of capabilities or permissions such as "update firmware", "access 
address book", "use radio interface", and the most basic one, "install and execute". When a developer wishes to enable distribution and execution in one of these 
controlled environments, they must acquire a certificate from an appropriate CA, typically a large commercial CA, and in the process they usually have their identity 
verified using out-of-band mechanisms such as a combination of phone call, validation of their legal entity through government and commercial databases, etc., 
similar to the high assurance SSL certificate vetting process, though often there are additional specific requirements imposed on would-be developers/publishers. 
Once the identity has been validated they are issued an identity certificate they can use to sign their software; generally the software signed by the developer or 
publisher's identity certificate is not distributed but rather is submitted to a processor to possibly test or profile the content before generating an authorization 
certificate which is unique to the particular software release. That certificate is then used with an ephemeral asymmetric key-pair to sign the software as the last 
step of preparation for distribution. There are many advantages to separating the identity and authorization certificates, especially relating to risk mitigation of new 
content being accepted into the system and key management, as well as recovery from errant software which can be used as attack vectors. 

References: 

HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 2001, McGraw-Hill/Osborne, page 540. 
http://en.wikipedia.org/wiki/Attribute_certificate http://en.wikipedia.org/wiki/Public_key_certificate 


NEW QUESTION 246 
- (Topic 1) 
Which of the following would be an example of the best password? 


A. golf001 

B. Elizabeth 
C. Time4gOIF 
D. password 


Answer: C 


Explanation: 

The best passwords are those that are both easy to remember and hard to crack using a dictionary attack. The best way to create passwords that fulfil both 
criteria is to use two small unrelated words or phonemes, ideally with upper and lower case characters, a special character, and/or a number. The following should 
not be used: common names, date of birth, spouse's name, phone numbers, words found in dictionaries, or system defaults. 

Source: ROTHKE, Ben, CISSP CBK Review presentation on domain 1. 


NEW QUESTION 250 
- (Topic 1) 
What is called the act of a user professing an identity to a system, usually in the form of a log-on ID? 


A. Authentication 
B. Identification 
C. Authorization 
D. Confidentiality 


Answer: B 


Explanation: 

Identification is the act of a user professing an identity to a system, usually in the form of a log-on ID to the system. 

Identification is nothing more than claiming you are somebody. You identify yourself when you speak to someone on the phone that you don’t know, and they ask 
you who they're speaking to. When you say, “I’m Jason.”, you've just identified yourself. 

In the information security world, this is analogous to entering a username. It’s not analogous to entering a password. Entering a password is a method for 
verifying that you are who you identified yourself as. 

NOTE: The word "professing" used above means: "to say that you are, do, or feel something when other people doubt what you say". This is exactly what happens 
when you provide your identifier (identification): you claim to be someone, but the system cannot take your word for it, so you must further Authenticate to the system 
to prove who you claim to be. 

The following are incorrect answers: 

Authentication: is how one proves that they are who they say they are. When you claim to be Jane Smith by logging into a computer system as “jsmith”, it’s most 
likely going to ask you for a password. You’ve claimed to be that person by entering the name into the username field (that’s the identification part), but now you 
have to prove that you are really that person. 

Many systems use a password for this, which is based on "something you know", i.e. a secret between you and the system. 

Another form of authentication is presenting something you have, such as a driver’s license, an RSA token, or a smart card. 

You can also authenticate via something you are. This is the foundation for biometrics. When you do this, you first identify yourself and then submit a thumb print, 
a retina scan, or another form of bio-based authentication. 

Once you've successfully authenticated, you have now done two things: you've claimed to be someone, and you've proven that you are that person. The only 
thing that's left is for the system to determine what you're allowed to do. 

Authorization: is what takes place after a person has been both identified and authenticated; it's the step that determines what a person can then do on the system. 
An example in people terms would be someone knocking on your door at night. You say, “Who is it?”, and wait for a response. They say, “It’s John.” in order to 
identify themselves. You ask them to back up into the light so you can see them through the peephole. They do so, and you authenticate them based on what they 
look like (biometric). At that point you decide they can come inside the house. 

If they had said they were someone you didn’t want in your house (identification), and you then verified that it was that person (authentication), the authorization 
phase would not include access to the inside of the house. 

Confidentiality: Is one part of the CIA triad. It prevents sensitive information from reaching the wrong people, while making sure that the right people can in fact get 
it. A good example is a credit card number while shopping online: the merchant needs it to clear the transaction, but you do not want your information exposed over 
the network, so you would use a secure link such as SSL, TLS, or some tunneling tool to protect the information from prying eyes between point A and point B. Data 
encryption is a common method of ensuring confidentiality. 

The other parts of the CIA triad are listed below: 

Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle. Data must not be changed in transit, and steps must 
be taken to ensure that data cannot be altered by unauthorized people (for example, in a breach of confidentiality). In addition, some means must be in place to 
detect any changes in data that might occur as a result of non-human-caused events such as an electromagnetic pulse (EMP) or server crash. If an unexpected 
change occurs, a backup copy must be available to restore the affected data to its correct state. 

Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed, providing a certain measure of 
redundancy and failover, providing adequate communications bandwidth and preventing the occurrence of bottlenecks, implementing emergency backup power 
systems, keeping current with all necessary system upgrades, and guarding against malicious actions such as denial-of-service (DoS) attacks. 

Reference used for this question: 

http://whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA
http://www.danielmiessler.com/blog/security-identification-authentication-and-authorization
http://www.merriam-webster.com/dictionary/profess

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36. 


NEW QUESTION 255 
- (Topic 1) 
Access Control techniques do not include which of the following choices? 


A. Relevant Access Controls 
B. Discretionary Access Control 
C. Mandatory Access Control 
D. Lattice Based Access Control 


Answer: A 


Explanation: 

Access Control Techniques:
Discretionary Access Control
Mandatory Access Control
Lattice Based Access Control
Rule-Based Access Control
Role-Based Access Control

Source: DUPUIS, Clement, Access Control Systems and Methodology, Version 1, May 2002, CISSP Open Study Group Study Guide for Domain 1, Page 13. 


NEW QUESTION 256 

- (Topic 1) 

There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond 
most closely to which of the following? 


A. public keys 

B. private keys 

C. public-key certificates 
D. private-key certificates 


Answer: C 


Explanation: 

A Kerberos ticket is issued by a trusted third party. It is an encrypted data structure that includes the service encryption key. In that sense it is similar to a 
public-key certificate. However, the ticket is not the key. 

The following answers are incorrect: 

public keys. Kerberos tickets are not shared out publicly, so they are not like a PKI public key. 

private keys. Although a Kerberos ticket is not shared publicly, it is not a private key. Private keys are associated with Asymmetric crypto system which is not used 
by Kerberos. Kerberos uses only the Symmetric crypto system. 

private key certificates. This is a detractor. There is no such thing as a private key certificate. 


NEW QUESTION 261 
- (Topic 1) 
Which of the following logical access exposures INVOLVES CHANGING data before, or as it is entered into the computer? 


A. Data diddling 

B. Salami techniques 
C. Trojan horses 

D. Viruses 
Answer: A 


Explanation: 

Data diddling involves changing data before, or as it is entered into the computer; in other words, it refers to the alteration of existing data. The other answers are 
incorrect because: 

Salami techniques: A salami attack is one in which an attacker commits several small crimes with the hope that the overall larger crime will go unnoticed. 

Trojan horses: A Trojan Horse is a program that is disguised as another program. 

Viruses: A virus is a small application, or a string of code, that infects applications. 

Reference: Shon Harris, AIO v3 
Chapter 11: Application and System Development, pages 875-880 
Chapter 10: Law, Investigation and Ethics, pages 758-759 


NEW QUESTION 265 
- (Topic 1) 
Which access model is most appropriate for companies with a high employee turnover? 


A. Role-based access control 
B. Mandatory access control 

C. Lattice-based access control 
D. Discretionary access control 


Answer: A 


Explanation: 

The underlying problem for a company with a lot of turnover is assuring that new employees are assigned the correct access permissions and that those 
permissions are removed when they leave the company. 

Selecting the best answer requires one to think about the access control options in the context of a company with a lot of flux in the employee population. RBAC 
simplifies the task of assigning permissions because the permissions are assigned to roles, which do not change based on who belongs to them. As employees join 
the company, it is simply a matter of assigning them to the appropriate roles, and their permissions derive from their assigned role. They implicitly inherit the 
permissions of the role or roles they have been assigned to. When they leave the company or change jobs, their role assignment is revoked or changed 
appropriately. 

Mandatory access control is incorrect. While controlling access based on the clearance level of employees and the sensitivity of objects is a better choice than 
some of the other incorrect answers, it is not the best choice when RBAC is an option and you are looking for the best solution for a high number of employees 
constantly leaving or joining the company. 

Lattice-based access control is incorrect. The lattice is really a mathematical concept that is used in formally modeling information flow (Bell-LaPadula, Biba, etc.). 
In the context of the question, an abstract model of information flow is not an appropriate choice. CBK, pp. 324-325. 

Discretionary access control is incorrect. When an employee joins or leaves the company, the object owner must grant or revoke access for that employee on all 
the objects they own. Problems would also arise when the owner of an object leaves the company. The complexity of assuring that the permissions are added and 
removed correctly makes this the least desirable solution in this situation. 

References 

All in One, third edition, page 165 

RBAC is discussed on pp. 189 through 191 of the ISC(2) guide. 
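The joiner/mover/leaver argument above, as an added example (not from the original question bank): a small RBAC store where permissions attach to roles and a departure is a single revocation, beside an owner-managed DAC ACL store where offboarding means touching every object the person appears on and orphans the objects they owned. User names, roles, objects and permissions are constructed sample data.

```python
"""Added example: RBAC versus per-object DAC under employee turnover.
All users, roles, objects and permissions are constructed sample data."""
from collections import defaultdict


class Rbac:
    """Permissions attach to roles; users receive roles, never permissions."""

    def __init__(self):
        self.role_perms = defaultdict(set)   # role -> {(object, action)}
        self.user_roles = defaultdict(set)   # user -> {role}

    def grant(self, role, obj, action):
        self.role_perms[role].add((obj, action))

    def hire(self, user, *roles):
        self.user_roles[user].update(roles)

    def change_job(self, user, old_role, new_role):
        # A mover loses the old role's permissions in the same step.
        self.user_roles[user].discard(old_role)
        self.user_roles[user].add(new_role)

    def terminate(self, user):
        # One operation revokes everything the user implicitly inherited.
        self.user_roles.pop(user, None)

    def permissions(self, user):
        roles = self.user_roles.get(user, ())
        return set().union(*(self.role_perms[r] for r in roles))

    def allowed(self, user, obj, action):
        return (obj, action) in self.permissions(user)


class DacAcl:
    """Owner-managed ACLs: each object carries its own entries."""

    def __init__(self):
        self.acl = defaultdict(dict)   # obj -> {user: {action}}
        self.owner = {}                # obj -> owning user

    def create(self, owner, obj):
        self.owner[obj] = owner
        self.acl[obj][owner] = {"read", "write"}

    def grant(self, granter, obj, user, action):
        # Only the owner may hand out access to their object.
        if self.owner.get(obj) != granter:
            return False
        self.acl[obj].setdefault(user, set()).add(action)
        return True

    def allowed(self, user, obj, action):
        return action in self.acl.get(obj, {}).get(user, set())

    def offboarding_work(self, user):
        """(number of ACLs that must be edited to remove the user,
        objects left ownerless because the user owned them)."""
        to_edit = [o for o, entries in self.acl.items() if user in entries]
        orphaned = [o for o, own in self.owner.items() if own == user]
        return len(to_edit), orphaned


def demo():
    """Joiner, mover and leaver under both models; returns the decisions."""
    rbac = Rbac()
    rbac.grant("employee", "intranet", "read")
    rbac.grant("payroll_clerk", "payroll_db", "read")
    rbac.grant("payroll_clerk", "payroll_db", "write")
    rbac.hire("alice", "employee", "payroll_clerk")
    rbac.hire("carol", "employee")
    out = {"alice_writes_payroll": rbac.allowed("alice", "payroll_db", "write")}
    rbac.terminate("alice")          # leaver: one revocation, all access gone
    out["alice_after_exit"] = rbac.allowed("alice", "payroll_db", "write")
    rbac.change_job("carol", "employee", "payroll_clerk")   # mover
    out["carol_intranet_after_move"] = rbac.allowed("carol", "intranet", "read")
    out["carol_payroll_after_move"] = rbac.allowed("carol", "payroll_db", "read")

    dac = DacAcl()
    for obj in ("report1", "report2", "report3"):
        dac.create("alice", obj)
        dac.grant("alice", obj, "bob", "read")
    out["dac_alice_offboarding"] = dac.offboarding_work("alice")  # owner leaves
    out["dac_bob_offboarding"] = dac.offboarding_work("bob")      # grantee leaves
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:28s} {value}")
```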


NEW QUESTION 269 
- (Topic 1) 
Which TCSEC level is labeled Controlled Access Protection? 


A. C1 
B. C2 


Answer: B 


Explanation: 

C2 is labeled Controlled Access Protection. 

The TCSEC defines four divisions: D, C, B and A, where division A has the highest security. Each division represents a significant difference in the trust an 
individual or organization can place on the evaluated system. Additionally, divisions C, B and A are broken into a series of hierarchical subdivisions called classes: 
C1, C2, B1, B2, B3 and A1. 

Each division and class expands or modifies as indicated the requirements of the immediately prior division or class. 

D — Minimal protection 
- Reserved for those systems that have been evaluated but that fail to meet the requirements for a higher division 

C — Discretionary protection 

C1 — Discretionary Security Protection 
- Identification and authentication 
- Separation of users and data 
- Discretionary Access Control (DAC) capable of enforcing access limitations on an individual basis 
- Required System Documentation and user manuals 

C2 — Controlled Access Protection 
- More finely grained DAC 
- Individual accountability through login procedures 
- Audit trails 
- Object reuse 
- Resource isolation 

B — Mandatory protection 

B1 — Labeled Security Protection 
- Informal statement of the security policy model 
- Data sensitivity labels 
- Mandatory Access Control (MAC) over selected subjects and objects 
- Label exportation capabilities 
- All discovered flaws must be removed or otherwise mitigated 
- Design specifications and verification 

B2 — Structured Protection 
- Security policy model clearly defined and formally documented 
- DAC and MAC enforcement extended to all subjects and objects 
- Covert storage channels are analyzed for occurrence and bandwidth 
- Carefully structured into protection-critical and non-protection-critical elements 
- Design and implementation enable more comprehensive testing and review 
- Authentication mechanisms are strengthened 
- Trusted facility management is provided with administrator and operator segregation 
- Strict configuration management controls are imposed 

B3 — Security Domains 
- Satisfies reference monitor requirements 
- Structured to exclude code not essential to security policy enforcement 
- Significant system engineering directed toward minimizing complexity 
- Security administrator role defined 
- Audit security-relevant events 
- Automated imminent intrusion detection, notification, and response 
- Trusted system recovery procedures 
- Covert timing channels are analyzed for occurrence and bandwidth 
- An example of such a system is the XTS-300, a precursor to the XTS-400 

A — Verified protection 

A1 — Verified Design 
- Functionally identical to B3 
- Formal design and verification techniques including a formal top-level specification 
- Formal management and distribution procedures 
- An example of such a system is Honeywell's Secure Communications Processor SCOMP, a precursor to the XTS-400 

Beyond A1 
- System Architecture demonstrates that the requirements of self-protection and completeness for reference monitors have been implemented in the Trusted 
  Computing Base (TCB). 
- Security Testing automatically generates test cases from the formal top-level specification or formal lower-level specifications. 
- Formal Specification and Verification is where the TCB is verified down to the source code level, using formal verification methods where feasible. 
- Trusted Design Environment is where the TCB is designed in a trusted facility with only trusted (cleared) personnel. 

The following are incorrect answers: 

C1 is Discretionary Security Protection. 

C3 does not exist; it is only a detractor. 

B1 is called Labeled Security Protection. 

Reference(s) used for this question: 

HARE, Chris, Security Management Practices CISSP Open Study Guide, version 1.0, April 1999. 

and 

AIOv4 Security Architecture and Design (pages 357-361) 
AIOv5 Security Architecture and Design (pages 358-362) 


NEW QUESTION 270 